Report - 7003659.com/

Report Overview

Submitted URL
7003659.com/
IP
43.198.190.53
ASN
#16509 AMAZON-02
Submitted
2024-04-16 17:52:15
Access
public
Website Title
bet365 - 官方直营
Final URL
7003659.com:8989/
Tags
bet365 gambling phishing
urlquery detections
Phishing - Bet365

Detections

urlquery
83
Network Intrusion Detection
0
Threat Detection Systems
150

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vue.livehelp100service.com	unknown	2021-12-08	2022-07-27	2024-03-01	2.3 kB	909 kB	143.204.55.116
786ad.239tgaaagf.com	unknown	2023-07-24	2023-07-25	2024-04-14	1.6 kB	20 kB	99.83.207.187
7003659.com	unknown	2017-06-06	2018-01-25	2023-11-17	466 B	399 B	43.198.190.53
7003659.com:8989	unknown	unknown	No data	No data	37 kB	3.0 MB	43.198.190.53
sdk.51.la	88367	2005-01-17	2021-03-08	2024-04-16	402 B	14 kB	47.246.44.238
3dsa62.gaokejd.xyz	unknown	2019-07-19	2023-10-03	2024-04-11	26 kB	4.1 MB	103.155.16.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	7003659.com/	Bet365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed
2024-04-16	medium	7003659.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (52)

	URL	Size	First Seen	Last Seen
	7003659.com:8989/	48 B	2023-03-07	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:03 Times Seen6378 Hash 37f0336a6fe3f56c661b149ecf659efe 9aff4163d5da3b8d760f0593c583dd8d1f6dfc14 f33f7afadc5c318efdd57d35da2dc2aebe39fd166a61905ce37b9f7363f51c2f Loading...

	7003659.com:8989/	1.1 kB	2024-04-11	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-11 17:47:49 Last Seen2024-04-29 19:52:03 Times Seen186 Hash f430889e57d1f366b5b08cb58a3b8942 439179f3b673eecadb0a551dfa953eaf649be8a8 c950dc3e3086e6f4fe3c32a2464ef623d8cf324b928a0d3818fa7f97f9fb3d11 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js	20 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:04 Times Seen12818 Hash 5ce8851dc823429a42ab6147554403cc 28f381f0e0aa4f5d56690e65723bd97fb59a38e6 dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811 Loading...

	7003659.com:8989/	709 B	2023-10-03	2024-04-28
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-03 13:36:14 Last Seen2024-04-28 20:00:52 Times Seen418 Hash ec5552657de7540d7b409f6dbe53ede8 7ee24fe3947c5f873f6ffa035fd2738422b77455 8699acefc2704c2111fc179e5175c3a30c034d62fc1e49aed6c85c094520a0f2 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js	45 kB	2023-08-15	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01:05 Last Seen2024-04-29 19:52:04 Times Seen7755 Hash f15409fb02c527ce1f66a2fd3c4aa0e9 1e1e1bcc0f49e99e14ba34991cffe0745178d302 1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js	2.1 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:04 Times Seen12794 Hash 07864ad2e2759d53f8f2f14dd4295bd9 95144219e2eb702c4c4a707c3622b086876cf41c 871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d Loading...

	7003659.com:8989/	29 kB	2024-04-16	2024-04-18
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 19:52:24 Last Seen2024-04-18 05:37:50 Times Seen2 Hash a5c867f7075e14228f77d16e0629d76f 68f419923bd3a2d53180a8364b8751b7b9470815 9221139a44703e31e8f3789ce40c65de4e9f5535ff9043827913dcf30c37dbe3 Loading...

	7003659.com:8989/	13 kB	2023-04-05	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6384 Hash 109d40ff6f9b3510b169fac4b8e845ce 4ce0fc768718f555487159ddd745e728a0c74c64 7b782f2e9589aa72ddadf4546c0f09709c73bea1339cd0ce893dfc40f6252949 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js	12 kB	2023-08-15	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-15 12:01:05 Last Seen2024-04-29 19:52:04 Times Seen3872 Hash d87854586672bff7f886a47da85da5ed 8d0537030dc7a81ade87a41a75fd5a75e4e33da1 17859187f895c27de8869fb6bfec579fd68c4588d0af71d08d334be92d144ada Loading...

	vue.livehelp100service.com/livechat.ashx?siteId=65000584	1.9 kB	2024-04-14	2024-04-16
Pretty URL vue.livehelp100service.com/livechat.ashx?siteId=65000584 IP 143.204.55.116 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 19:31:18 Last Seen2024-04-16 19:52:24 Times Seen3 Hash eb4204c9d8d263d5b35864f71416e111 30582beb029282adec276f59d50159ae24f1aab5 37d46b0ad3ff983f2d6b9d780d3f31d486c55eca508c4c82b6931d5af95fe9f4 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js	61 kB	2023-08-26	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-26 00:19:56 Last Seen2024-04-29 19:52:04 Times Seen3340 Hash e6ce47d880d7a50ddf91b074c8572edf 6a3657c67209136e5b544859daecf16f2d153b72 c49e04c7ecfd07c74b58cf161ef2b58f2bc837a9091ed1ae090a33734cdaa734 Loading...

	7003659.com:8989/	11 kB	2023-04-05	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6359 Hash 6681856885ee92601b7711c11d19553f 95ab4437869df8c790cad28e0753a4c9ea362e73 ce52fd46b2a5cfd741a2f0c39bc2d5218271b5690bdf8ec33af94f1062e98d23 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js	96 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:10 Last Seen2024-04-29 19:52:04 Times Seen13405 Hash b091a47f6b91e26c93a848092c6f3788 52918af2d431e73464060b35d364640c8db75606 329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10 Loading...

	7003659.com:8989/	3.6 kB	2023-04-05	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6357 Hash d15a9b513acdcf3e9b08901384511565 f1fe72392137895e4952f835c0330f76aacfecdf 9fa644edfd9af9be6b244016e8f4f0eaee414732edc6ba3641e8647253359995 Loading...

	7003659.com:8989/	31 kB	2024-04-16	2024-04-18
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 19:52:24 Last Seen2024-04-18 05:37:51 Times Seen2 Hash 7fd315f1a031c3c343e904ce49225075 ae0a0ee81f5ad5237929da78d5492076afde1854 33ee7c4003a3a43fca9eb47b93d58f6a7b7d78ae94dca4e93e320d86cb993d91 Loading...

	3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js	123 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:22 Last Seen2024-04-29 19:52:04 Times Seen9903 Hash 317fd00903b68a157500b40495e8d74e 29ba73703d5c1d5390551e9fb230a3f1ace1437e efac6fec2ba437b6a906e249fad9de3c7d3c105a48136b0155376b5989c4d76a Loading...

	vue.livehelp100service.com/visitorside/js/common.65ab9e3e.js	81 kB	2024-04-12	2024-04-18
Pretty URL vue.livehelp100service.com/visitorside/js/common.65ab9e3e.js IP 143.204.55.116 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 05:48:51 Last Seen2024-04-18 07:10:17 Times Seen71 Hash 8d56a09901fd0c641df6266d979439bb 4ed2b6a1f13cedb73d62c6edfc1f5e1b85baee26 b38884d49c167f03722f6712400d9875f310e692441650fe0069eeae1c972049 Loading...

	unknown	278 B	2023-04-14	2024-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 20:29:13 Last Seen2024-04-29 19:52:04 Times Seen5612 Hash cf0aad09d2e7287c48d72501c4ed8cbd 7950b8c00d5a278b662dbccd11af31398a408e51 72512199b29d971b5fe854b1f610604dcbdec2c38666c106f1d15863e0df32db Loading...

	7003659.com:8989/	20 kB	2023-04-05	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6353 Hash 9f5bce1aa50f72fd0834901c70db4f43 41771079bee5eb45539e694a5eff580732ab26b0 a50724b65a2657f6e67adbf98a3dd135de52b4786350f0b1bd142adff38c7ffd Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js	22 kB	2023-04-05	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6373 Hash cb96339625e9d456e32f86cdb3c7a7a1 1301165c58bbb13c542cba493b7ab5774e87e31f 17fb047ba6828fcbdf2ca226fa4594cfded2b2fdfeaff89a5bd81c7cf0359919 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js	65 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:04 Times Seen13029 Hash b5bc8cd626b389bde727a91e6ce79436 3df6c39300ac286cf596b3bda273cb39ff825429 a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e Loading...

	7003659.com:8989/	6 B	2023-03-07	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:04 Times Seen7237 Hash edaddb8132e9e0880252c5b6c47bf1c1 dc08b5b6ca432b46cca94f1f297491e1b08736ea b98809417c0240085bf70f2a1127f0b622c1514651737e7e4ffac4b39e4da17e Loading...

	7003659.com:8989/	1.8 kB	2023-04-05	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6349 Hash 9f1681b5a72417b33c2869aab85af152 b40a6d9c6d058c2bd6e126a1b0191182926b9d04 eabdfd0c5237f406e0acbef879968e72e5e3d62dd8e8b6bcee48e5ab7f4d0154 Loading...

	7003659.com:8989/	2.6 kB	2023-11-23	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-23 15:36:17 Last Seen2024-04-29 19:52:04 Times Seen2046 Hash 9c3f7d9e5de3b764c32a679ad06ae3db 9ab260e36b46c6ca6f58066ee914f3826d86a37f fefe9a763127c0f92edfe95be1000aeed2eda7690482769c90dc9488dbe5d33a Loading...

	7003659.com:8989/commonPage/lan/i18n.js?t=1713289906.803	1.3 kB	2024-04-16	2024-04-16
Pretty URL 7003659.com:8989/commonPage/lan/i18n.js?t=1713289906.803 IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 19:52:24 Last Seen2024-04-16 19:52:24 Times Seen2 Hash 86627483bdbd961ee6d157518a33c980 0838ee81db4a3eb5a61d4001e990691e8d66e4fc e8f9958f7a28d41bff04b9680dc15a69d4d45c15583d66efadcf0007dd697566 Loading...

	7003659.com:8989/	128 kB	2024-04-11	2024-04-28
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-11 18:25:17 Last Seen2024-04-28 20:00:52 Times Seen12 Hash e41959090611aa8a48ea9489d9531b7b 804137f05a5200ed1eb5fef7952a8c6ea4bbfc58 1d3db7de054669aae72754b28ede550716a3e3a775ac07a7bd7168633785e6b7 Loading...

	7003659.com:8989/	1.4 kB	2023-08-21	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-21 11:10:45 Last Seen2024-04-29 19:52:04 Times Seen3732 Hash 479c01001c455527cf2aafec087accad 230c5d853a00977d890c25cb56b5a07c5e0acd0e 0ad2a7081ff475ce3a2068fe69547248166c0fd39f26fbf03f2ac5db073a16cf Loading...

	7003659.com:8989/	3.5 kB	2023-10-24	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 11:42:08 Last Seen2024-04-29 19:52:04 Times Seen2826 Hash 7932637ac9b0a1125acfaeffa837b6af 01107a42cef642f68e70ef30502ecb6c0de6a0d6 f938651bd7efeb3c523dcca3df1c9a0cc63b12f604816c8e49636fda5b1b1c7e Loading...

	7003659.com:8989/	2.0 kB	2023-11-22	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-22 16:18:01 Last Seen2024-04-29 19:52:04 Times Seen2055 Hash dd4934ec50598a49950c57836d268ba9 9830d9f40b0baf411ea1e7b7a4b65675cf35ae04 89e8ae92a48e530a676704a7858edcc65fdd1488e39280ba8da4cb80dc5729d5 Loading...

	vue.livehelp100service.com/visitorside/js/bundle.1d434ade.js	572 kB	2024-04-12	2024-04-18
Pretty URL vue.livehelp100service.com/visitorside/js/bundle.1d434ade.js IP 143.204.55.116 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 05:48:51 Last Seen2024-04-18 07:10:16 Times Seen65 Hash 8b73f524e6dd556977d98de5b7cd6729 640bf60ac5dad28aa895edb99e46589669c00504 faa4dd5c6a019c6fea61b6e63b21d77c763dd62d8f285b6524068fd824adf005 Loading...

	7003659.com:8989/message_zh_CN.js?v=1712742347025	32 kB	2023-12-07	2024-04-29
Pretty URL 7003659.com:8989/message_zh_CN.js?v=1712742347025 IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 04:18:39 Last Seen2024-04-29 19:52:03 Times Seen1648 Hash 879e0d38aaa72a30c1987722f24ef0ff a71947b06e5ff779946d15db8877a103a5432036 fd47dca609ede55de5f51d756c967b63f0d223330e6eef19df0c3659e1bd9a55 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js	117 kB	2023-07-29	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-29 10:21:40 Last Seen2024-04-29 19:52:04 Times Seen8703 Hash 36c8f828395a9395549bd6e7307cb7e9 f30a4961558e2d3d4405e7d93aa28fdb63245e78 5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33 Loading...

	7003659.com:8989/	670 B	2023-03-13	2024-04-28
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 22:03:15 Last Seen2024-04-28 20:00:52 Times Seen1063 Hash 7efee0000e2aff5b32e62b7db0849a40 26cb4ec84240ffeb29d0786d2c6846b35e64f129 f342e58445840e28eac2b59151d0f86726e46e91b770b1b0f20e647e52493e23 Loading...

	7003659.com:8989/	54 B	2024-03-04	2024-04-28
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-04 06:28:57 Last Seen2024-04-28 20:00:52 Times Seen17 Hash 4e90bdf9734343c5f2c8c1fbf543749a 176ad3f92fb47dee729318536c8c6f0e8d0d2deb f0772f05235599860d5b85eea7bc06d0cb567352292d7ef56266eb6d6e9382db Loading...

	3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js	15 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:04 Times Seen12791 Hash 4fe7dadf050dad2dcfd386d21b880281 07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9 Loading...

	7003659.com:8989/	6.0 kB	2023-08-02	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-02 04:42:13 Last Seen2024-04-29 19:52:04 Times Seen4245 Hash e6ea297058f6d52d83390d9ea7f914aa 349df987c3c4c50687d993b31f83cfea7f796730 2f21ca2376a9112f70c12ecc46d75ff792b067f5edceae5ea06011c13cf14e56 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js	4.4 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:04 Times Seen12791 Hash f77d83590bc0a69298f2fbcc5d9911cd 1d6aa25d7052f53ad0181385e5efe72f224bbdb9 1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7 Loading...

	7003659.com:8989/	390 B	2023-04-05	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6312 Hash 4e6bbb84979a27014e74be230fe8440f aafe0c1dba07e91354abfb25d154c0acbed24d61 03e9af072f4db23c6c6cd74a89c796a3c764731da4734682f3ccfc07e0e54e74 Loading...

	3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1712742347025	33 kB	2023-04-05	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1712742347025 IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6485 Hash a55780dc13cbf1a8d375f14ebb659cf2 9548cc269bcde0dc48e166fa6bab37af8a649e57 35d147a863ab8828e073ca1ae89d476a9cede797c410ac555597c1f442452cc8 Loading...

	vue.livehelp100service.com/visitorside/js/Button.54c74e79.js	9.8 kB	2024-04-12	2024-04-18
Pretty URL vue.livehelp100service.com/visitorside/js/Button.54c74e79.js IP 143.204.55.116 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 05:48:52 Last Seen2024-04-18 07:10:16 Times Seen34 Hash d1cbe0efe2296717a3acf18f86475158 183709bad92e8fe443bdf781247e48cc1203272e 40ec498ece4fd9936cfea0c99808f4264bf44501979e9d40b8f0d27d2e3fe14c Loading...

	sdk.51.la/js-sdk-pro.min.js	34 kB	2023-04-05	2024-04-29
Pretty URL sdk.51.la/js-sdk-pro.min.js IP 47.246.44.238 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:31:50 Last Seen2024-04-29 18:04:52 Times Seen14393 Hash 8fc0b01d35300e8398d6e957987c01e7 f1eb32c75b8d8e4b0555ebc2a5f5d1d60296f41e b164aafa0bb83dfe511912ca2ca475880bfffac8d8f098c947fd3d4af440d3a4 Loading...

	7003659.com:8989/	5.6 kB	2024-03-31	2024-04-28
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-31 19:52:05 Last Seen2024-04-28 20:00:52 Times Seen16 Hash 6e4e5e70aa8fa5fd7f69482740d1d02f 8d46b4c3a08edbca6c1ba8674e9756a5e089c774 fe41b645fdf645367d5fc4c34fb4abee6e553892884d114ff7511cf7834aaeb0 Loading...

	7003659.com:8989/	3.1 kB	2023-04-14	2024-04-28
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-14 20:29:14 Last Seen2024-04-28 20:00:52 Times Seen1061 Hash f700df2334d8195b4584feded7648cdf 18a3fea50c79783ab326011e6f1ad66492e48e09 be1f7d35fed5603c06720e019aec71584c1ca16caa2591641f8c515f7b141a4d Loading...

	vue.livehelp100service.com/visitorside/js/vendor.5d363f80.js	114 kB	2024-04-12	2024-04-18
Pretty URL vue.livehelp100service.com/visitorside/js/vendor.5d363f80.js IP 143.204.55.116 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 05:48:51 Last Seen2024-04-18 07:10:17 Times Seen52 Hash fa09b2e3fcd5732cbc73a5da033b9fb3 8d7f44de8f0a89d711b5f88f05a0ae124877ab84 0e25988044fb383ccc43914b2754165602e8eebf3116425af22a31b5bb0e598f Loading...

	3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js	28 kB	2023-04-05	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6373 Hash 9c41709c2b64126b909c101a27f39153 4ab666b36c092577acb41390ad90e96d5fea7711 c1963697eeafb63b6c29e95da2d38d91dd907ab656e130e6e1c34d1dcd149f60 Loading...

	7003659.com:8989/	122 kB	2024-03-31	2024-04-28
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-31 19:52:05 Last Seen2024-04-28 20:00:52 Times Seen16 Hash 4ccc666c61b57415a243724af80b3816 dfc5649c2d6fd4027fe91e94c6ebc5a1631c5da7 d020b73c1995225a17d695a144a6a61c2c5c2d02967fc0c56ca9d7b83a14a81b Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js	7.0 kB	2023-03-07	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:38 Last Seen2024-04-29 19:52:04 Times Seen12795 Hash 829af863b0cdc4a603919824ae046299 1d417b1553e4ecb7125ebf2005b74255291fbf73 1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js	17 kB	2023-04-05	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js IP 103.155.16.137 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6388 Hash 1008fe6a5e1a182d7775963b85405bb2 e174a7b08cc3cb5545af1cd33d2814e604119392 7479f6f22194ac37dd6d3f5a579b4682ac8dcb6389fb961cf4140f3fcc707a20 Loading...

	3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js	12 kB	2023-04-05	2024-04-29
Pretty URL 3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js IP 103.198.200.1 ASN #138915 Kaopu Cloud HK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 18:30:47 Last Seen2024-04-29 19:52:04 Times Seen6383 Hash 466a7ed7d00986d45375c0cbffb5233c 68845ead668e9abd29c24b491dbf97b219226c08 7ddafae5a0a552d2d56101cdc8306403e8fb9570759d66c48b25893b409f0123 Loading...

	7003659.com:8989/	0 B	2023-03-07	2024-04-29
Pretty URL 7003659.com:8989/ IP 43.198.190.53 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-29 20:05:44 Times Seen37188536 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - d61c443b3f100c554709c1101067d1d9	377 B	2024-04-14	2024-04-16
Pretty Observations First Seen2024-04-14 19:31:18 Last Seen2024-04-16 19:52:24 Times Seen3 Hash d61c443b3f100c554709c1101067d1d9 04db97af82a7b14d8f52e5085b5e423925e7eabb 1b051dd82c065e6adeea42930fff4b7e6a2ae8f0a12da8c95ea96b21f8511fad Loading...

	#2 Write - d6984d3d96b020b0be0c099cb1999cee	234 B	2023-06-30	2024-04-29
Pretty Observations First Seen2023-06-30 02:57:58 Last Seen2024-04-29 19:52:04 Times Seen3452 Hash d6984d3d96b020b0be0c099cb1999cee 02de24d58a40ec3791f5f300e5101645d8635466 fc8efc42d8db0b2f6266e3524aea080b058eda5827e736cc37db95fd0f3547e4 Loading...

HTTP Transactions (137)

URL IP Response Size

7003659.com/

43.198.190.53

98 B

URL
7003659.com/
IP
43.198.190.53:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
98 B (98 bytes)
Hash
b8fc6095c2804d7de5f97de10c7aefdf
7d0fab13f70f1e493421b8f6b30e41d827e373e9
5b40a6719f9f2304e9bad1cb9be399518d008bac2ba29365fd8fe5001655be37

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 7003659.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate
Content-Encoding: gzip

7003659.com:8989/commonPage/lan/i18n.js?t=1713289906.803

43.198.190.53

200 OK

811 B

URL GET HTTP/1.1
7003659.com:8989/commonPage/lan/i18n.js?t=1713289906.803
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
ASCII text, with very long lines (1217)
Size
811 B (811 bytes)
Hash
86627483bdbd961ee6d157518a33c980
0838ee81db4a3eb5a61d4001e990691e8d66e4fc
e8f9958f7a28d41bff04b9680dc15a69d4d45c15583d66efadcf0007dd697566

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /commonPage/lan/i18n.js?t=1713289906.803 HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-17132899077ab1
out-line: gb-site-133
Content-Encoding: gzip

7003659.com:8989/message_zh_CN.js?v=1712742347025

43.198.190.53

200

9.9 kB

URL GET HTTP/1.1
7003659.com:8989/message_zh_CN.js?v=1712742347025
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
Unicode text, UTF-8 text, with very long lines (18069)
Size
9.9 kB (9892 bytes)
Hash
8e3a3463437bc8b56e112f0b87b6a0d0
dfaac70f23b58a771856460bb00aebc5fcadb2ce
0aa3002021c50dd94fcd0eb615a6735db1b54723503264f1c24985e0bcdd868b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /message_zh_CN.js?v=1712742347025 HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:47 GMT
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:47 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: 00141-01-00000000-1713289907a914
out-line: gb-site-133

7003659.com:8989/

43.198.190.53

200 OK

117 kB

URL User Request GET HTTP/1.1
7003659.com:8989/
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (470)
Size
117 kB (117310 bytes)
Hash
f5f02c76b5d91ef9f9e76b36d882c655
3101b446a4f631c050f53ded69fcb1a2e482cdf9
b0747feaac4720f7e9ff66710fa20aa55923de58793db70536af68a9a23b3e1e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-html-cache: HIT-3600
X-Frame-Options: SAMEORIGIN
uuid: -
out-line: gb-site-133
Content-Encoding: gzip

sdk.51.la/js-sdk-pro.min.js

47.246.44.238

200 OK

13 kB

URL GET HTTP/2
sdk.51.la/js-sdk-pro.min.js
IP
47.246.44.238:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Requested by
https://7003659.com:8989/
Certificate
IssuerGlobalSign nv-sa
Subject*.51.la
Fingerprint9E:F3:EB:9A:59:E9:6D:6E:48:13:64:78:3C:33:1D:AA:79:52:5B:79
ValidityThu, 20 Apr 2023 01:12:57 GMT - Tue, 21 May 2024 01:12:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (34110)
Size
13 kB (12846 bytes)
Hash
24bb520e9517f2ed3ed987b46aeaf723
846723563d7dd2bff3954f93633b11af0103adc8
d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27

HTTP Headers

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 12846
date: Mon, 15 Apr 2024 18:22:53 GMT
x-oss-request-id: 661D707DDDD87E393288449D
x-oss-cdn-auth: success
accept-ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
content-md5: JLtSDpUX8u0+2Ye0aur3Iw==
x-oss-server-time: 3
ali-swift-global-savetime: 1713205373
via: cache15.l2de2[0,0,304-0,H], cache6.l2de2[0,0], ens-cache18.se2[0,0,200-0,H], ens-cache14.se2[1,0]
vary: Accept-Encoding
last-modified: Thu, 08 Jun 2023 02:24:34 GMT
x-oss-hash-crc64ecma: 5143829838470429443
content-encoding: gzip
age: 84535
x-cache: HIT TCP_MEM_HIT dirn:6:7882094
x-swift-savetime: Mon, 15 Apr 2024 18:23:21 GMT
x-swift-cachetime: 1295972
access-control-allow-origin: *
timing-allow-origin: *
eagleid: 2ff62ca217132899089393983e
X-Firefox-Spdy: h2

3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css

103.155.16.137

200 OK

17 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (12023)
Size
17 kB (17110 bytes)
Hash
5467e94a0a94d39cf935bbf4425b984a
82f7b89fd9e975a2e47bfc1d626e881379b97220
5b4a9404f015f018f983fec18ad9f8b715b9c4f9fce49a46b4a4f7c4713f823e

HTTP Headers

GET /ftl/commonPage/themes/gui-base.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 17110
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"65d45763-1456b"
Date: Sun, 17 Mar 2024 20:02:39 GMT
Last-Modified: Tue, 20 Feb 2024 07:40:19 GMT
Expires: Tue, 16 Apr 2024 20:02:39 GMT
Age: 2584150
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: a2d3e53d2cf97870ca9a0ec45391e355

3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css

103.155.16.137

200 OK

6.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-skin-default.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (7014)
Size
6.3 kB (6253 bytes)
Hash
4f6eba52b6bdba2bd8154d39c61fcaab
11a91e977ab64175dc2ec233d45c6cf9d34798b0
b4ae8f84403e1e8ea7f75cac8491e461ac6e5524260a04d772d53dd912f8e53a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6253
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: W/"64ad1569-7b6e"
Date: Fri, 22 Mar 2024 04:50:13 GMT
Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT
Expires: Sun, 21 Apr 2024 04:50:13 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: 446075dce2fe8da481cf9e5459abbd5e

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css

103.155.16.137

200 OK

630 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ASCII text
Size
630 B (630 bytes)
Hash
304eb84809c6637b7cdd0dc6225c5761
e724aff10b16dc82bf1086cd3b70d8396f630d64
cb1d0b332c0218bbb360fd25d693f88293b54389caf88c36ffcfd8adc948d0e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/style/bootstrap-dialog.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 630
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"6153e3b6-adc"
Date: Fri, 22 Mar 2024 04:50:12 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sun, 21 Apr 2024 04:50:12 GMT
Age: 2206897
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-05
X-Cdn-Request-ID: 87ae62009bcc2c930d2a129dbed77edd

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css

103.155.16.137

200 OK

13 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/common.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
assembler source, Unicode text, UTF-8 (with BOM) text, with very long lines (532)
Size
13 kB (12593 bytes)
Hash
d85714aa13b8df3bbe47562a0a5b0a82
e1dd836dc82ce5c0e8586bf837a90b2efb55916a
02f1ef82366e3bb0fb19f6e5f967e5c63ea857d53803aedcf6cb8f79ee7d4ac2

HTTP Headers

GET /ftl/bet365-141-2/themes/style/common.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 12593
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"65138f5d-d024"
Date: Fri, 22 Mar 2024 04:50:12 GMT
Last-Modified: Wed, 27 Sep 2023 02:11:41 GMT
Expires: Sun, 21 Apr 2024 04:50:12 GMT
Age: 2206897
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 2e5ed3a0b0a1591120844a5ade4519ea

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css

103.155.16.137

200 OK

3.1 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ASCII text, with very long lines (19512)
Size
3.1 kB (3094 bytes)
Hash
f29b1aec530d4ecb1255894948203345
ec15a3a265c1556fae8f9553d371423df9653c50
f476606c821fd23ba0fcae1845e3e45ae39f6040921de2d96698ad7d1e922f3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/style/swiper-4.3.3.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3094
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"6153e3b6-4d3d"
Date: Fri, 22 Mar 2024 04:50:15 GMT
Last-Modified: Wed, 29 Sep 2021 03:55:34 GMT
Expires: Sun, 21 Apr 2024 04:50:15 GMT
Age: 2206894
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: 1140a66fe9000de747c72e6d15bb1aee

3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css

103.198.200.1

200 OK

6.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (489)
Size
6.9 kB (6923 bytes)
Hash
858eefc3fa70af7d0115c901908471f5
29c181bbbc09a424f7de7cb57629bd8a9e3c679a
9f6a77c93f998e065f1ed52eb9943a3c560a50366bba2c8a34a4a1223c793caf

HTTP Headers

GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 6923
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"64ddd5e1-c760"
Date: Tue, 16 Apr 2024 09:54:29 GMT
Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT
Expires: Thu, 16 May 2024 09:54:29 GMT
Age: 28641
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: 8d20f98e70fdeb4ebc063fe8a4c4b5e6

3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css

103.155.16.137

200 OK

5.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hongbao.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (336)
Size
5.7 kB (5666 bytes)
Hash
499a3a64bcf22609681f5337a6360c80
fc05a8a391c8375ea4e47183eca56a18bed8fca7
5339bf22971b6400e64154decc06b84fd4be337c2758cc7ca565756c92c97894

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hongbao.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-base.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5666
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"64252e4f-d530"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-07
X-Cdn-Request-ID: 8d3303ed4d90a88fd574d7aa29010c1d

3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js

103.155.16.137

200 OK

1.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/float.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
1.9 kB (1929 bytes)
Hash
829af863b0cdc4a603919824ae046299
1d417b1553e4ecb7125ebf2005b74255291fbf73
1dbe4afbc9ed220c08b9e95577b56f83e2e8e0f7620c5dc18266bb325e5bb271

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/float.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1929
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: W/"612747ba-1b2f"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: 9304fc521479356db7acb9fd569dcddd

3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js

103.155.16.137

200 OK

12 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/idangerous.swiper.min.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (32034)
Size
12 kB (11957 bytes)
Hash
f15409fb02c527ce1f66a2fd3c4aa0e9
1e1e1bcc0f49e99e14ba34991cffe0745178d302
1a1b5d3d6fbfc28abe37a668abd59494208c63c5f0b5d040cf4bbbd137f87c27

HTTP Headers

GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 11957
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: W/"64d5b951-b083"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 1c77f5973fd6aa6cdb7e1124cdbaa73c

3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js

103.155.16.137

200 OK

34 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (32038)
Size
34 kB (33545 bytes)
Hash
b091a47f6b91e26c93a848092c6f3788
52918af2d431e73464060b35d364640c8db75606
329ab92b9276ef4e3148f69be6b208969bebdf2db3121a589caa172453fd9f10

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 33545
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: W/"5d848f4f-176d4"
Date: Fri, 22 Mar 2024 04:50:15 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sun, 21 Apr 2024 04:50:15 GMT
Age: 2206894
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: 429bbeebf7b0237212beb0594bebc7df

3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js

103.198.200.1

200 OK

3.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/CometMarathon.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
3.3 kB (3316 bytes)
Hash
3b4680db1e065116488f065419ca9f58
6c646601c5656ff6cb1fdf9d5b95823f41e9bcfa
e2bfb9fc21f2a1a6e33c7c5ed20de13ef2ef4bcf266aa4b2e6f2fee06f8f4eaf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 3316
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: W/"6260ddd4-2f13"
Date: Tue, 16 Apr 2024 09:54:29 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Thu, 16 May 2024 09:54:29 GMT
Age: 28640
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: b876d0899eaf10ce363717b6f1e027c9

3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js

103.155.16.137

200 OK

797 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/PopUp.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text
Size
797 B (797 bytes)
Hash
07864ad2e2759d53f8f2f14dd4295bd9
95144219e2eb702c4c4a707c3622b086876cf41c
871bf30791bb89605b61cea815c3786246274b65ede3b8a8b8c2dd9244cfa89d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 797
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"6260ddd4-828"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-20
X-Cdn-Request-ID: dc0e1b95d925a26e62e4e0b550a377da

3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js

103.155.16.137

200 OK

4.0 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/websocket/Comet.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
4.0 kB (4031 bytes)
Hash
4de3e8bcf2f02d60519ca0d3584d3b8e
6323c2bf18b1bbf968e164bdf2e58d7677f67f8a
6cf6e96f51f13834e233bee9a9040f6eff70601dc0b755e60885b20550b35a9f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4031
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: W/"60f60fb5-43bc"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-10
X-Cdn-Request-ID: e01acb03977126f4643929163a79a0a0

3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js

103.155.16.137

200 OK

2.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/lazyload.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
2.7 kB (2731 bytes)
Hash
58f1a7fa1a19b0e5ad0a5bad974b98cf
6963ce7378e6c992de06e7e77d79432a0d38f54d
fb513dceb383ebeda507b1e1cc89ab4d73de071d8aa4fc78bc22f66e7fc5a7e4

HTTP Headers

GET /ftl/commonPage/js/lazyload.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 2731
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: W/"64d05f66-2f79"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-09
X-Cdn-Request-ID: 4e107ce1261017b1b3e6b0a2ee80c04d

3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js

103.155.16.137

200 OK

16 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/gui-base.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (11056)
Size
16 kB (15779 bytes)
Hash
4007cfe0a95df1d6a9f4252e636f995f
b0f9a2ad5c49b9b50ac5d025c8e9ce803eb5d7a8
4370313fa317e44140f85bba141ec24c2c9ef674593779d3349d2a44001699d0

HTTP Headers

GET /ftl/commonPage/js/gui-base.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 15779
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: W/"64ddbaed-ee5c"
Date: Fri, 22 Mar 2024 04:50:15 GMT
Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT
Expires: Sun, 21 Apr 2024 04:50:15 GMT
Age: 2206894
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: 0e6395f8e4435a042e8ae0013ad50e92

3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js

103.155.16.137

200 OK

5.0 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/bootstrap-dialog.min.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (20132), with no line terminators
Size
5.0 kB (5007 bytes)
Hash
5ce8851dc823429a42ab6147554403cc
28f381f0e0aa4f5d56690e65723bd97fb59a38e6
dd1edf5e54071903c4c1e81e33636444899d645df6b18bad22249da07f91c811

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5007
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: W/"5d848f4f-4ea4"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
Content-Encoding: gzip
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-12
X-Cdn-Request-ID: cd4761d5eba1b8431313e1ddcab38d9b

3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js

103.198.200.1

200 OK

7.6 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/layer.js
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21922)
Size
7.6 kB (7599 bytes)
Hash
c42797aecccd5494e2b747cedf1a890b
b9e06a6d245b6a3c87f2753db0c9c9aa020640b2
56feab66e10b4718de666fc63941b4f36a5e553e8887d663e137e635add8beb3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/layer.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7599
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: W/"5d848f4f-55f6"
Date: Tue, 16 Apr 2024 09:54:29 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 09:54:29 GMT
Age: 28641
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 46c05d0c3c6476077b5f8578ecffd21d

3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js

103.155.16.137

200 OK

1.4 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.super-marquee.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (4433), with no line terminators
Size
1.4 kB (1421 bytes)
Hash
f77d83590bc0a69298f2fbcc5d9911cd
1d6aa25d7052f53ad0181385e5efe72f224bbdb9
1d042b9441e860ddcc01b9e9e5e8d354121ee0e31b47f6e18a321e2e633d22e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.super-marquee.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 1421
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"5d848f4f-1151"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-18
X-Cdn-Request-ID: 57862d8e573906781196879a010c1c4f

3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js

103.155.16.137

200 OK

7.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27669)
Size
7.7 kB (7746 bytes)
Hash
f8c2b37c1dc626eede6a2e3e37aa4504
d4e8419497caa64c8a850ac4808dddb89b5eeb3f
728d63b799ab3d9bee5e987ad13f71aeb9d30ff78ed552c7edc425531c9c0f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 7746
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: W/"655579ca-6caf"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-07
X-Cdn-Request-ID: 3f22a2cca5d2685ce1c55c2ee06429b7

3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js

103.155.16.137

200 OK

4.1 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (14855), with no line terminators
Size
4.1 kB (4126 bytes)
Hash
4fe7dadf050dad2dcfd386d21b880281
07e7feb8dc9309fe66d86d7a9e27f8efd32ab0bd
aa891aafe8e98e1e15d81b2b116e6c3808d0bbbec56cd24818e2e7ac911877c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 4126
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: W/"655579ca-3a09"
Date: Wed, 03 Apr 2024 12:06:11 GMT
Last-Modified: Thu, 16 Nov 2023 02:09:14 GMT
Expires: Fri, 03 May 2024 12:06:11 GMT
Age: 1143939
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: 24a3433f802458ba2ed2f7946595fb19

3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js

103.155.16.137

200 OK

17 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (64577)
Size
17 kB (17446 bytes)
Hash
b5bc8cd626b389bde727a91e6ce79436
3df6c39300ac286cf596b3bda273cb39ff825429
a1eb48eeb3b3f2ba41940d3041464f0b386b7a7c4a8acb42f3017e691f4b116e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/jquery/jquery.nicescroll.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 17446
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: W/"5d848f4f-fc8b"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: 76b131c5a608b732ee7011be5ef284da

3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css

103.198.200.1

200 OK

911 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/hb/css/pc.css
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ASCII text
Size
911 B (911 bytes)
Hash
1da71520b7a0a61526a8fa8d0feb40d1
ba1bf69dad8783563328054cae58ccabf1b00829
5eb4d895bcb33061cda238c8ff4985ede69a866819b980c732cf3802ec101e8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/hb/css/pc.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 911
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: W/"5d848f4f-b5d"
Date: Tue, 16 Apr 2024 09:54:31 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 09:54:31 GMT
Age: 28640
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-04
X-Cdn-Request-ID: b39cc9cd30b9eaa17c7fd2a5299a53ae

3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0

103.155.16.137

200 OK

3.1 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/theme/default/layer.css?v=3.1.0
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ASCII text
Size
3.1 kB (3111 bytes)
Hash
5cf9259b7dd27aacd46161ec23d261cf
ba0c399616a5ae9cdd8aec5b76ba4aae4822367c
7f73a66b3a9a38576d124b6243a8984d795028e3493b8fa3f688d8dbe10cbccc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/js/theme/default/layer.css?v=3.1.0 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3111
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: W/"6131d862-48e4"
Date: Fri, 22 Mar 2024 04:50:15 GMT
Last-Modified: Fri, 03 Sep 2021 08:10:10 GMT
Expires: Sun, 21 Apr 2024 04:50:15 GMT
Age: 2206895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-02
X-Cdn-Request-ID: 5981a3db069aacb39629fbbed265accb

3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js

103.155.16.137

200 OK

27 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/js/moment.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
27 kB (26968 bytes)
Hash
36c8f828395a9395549bd6e7307cb7e9
f30a4961558e2d3d4405e7d93aa28fdb63245e78
5d5e32fa1e06a0bc9396f349d142ad248e82086543e438c890e43f41e692db33

HTTP Headers

GET /ftl/commonPage/js/moment.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 26968
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"64b633ca-1cab9"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Tue, 18 Jul 2023 06:40:10 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: 4fd8e396b543f67680cc59a171f025e9

3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css

103.155.16.137

200 OK

3.8 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/static/css/gb.validation.min.css
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (2295)
Size
3.8 kB (3788 bytes)
Hash
f00ce0554efc5adea6a8e02d5e501cad
388840e376568b37ac0103aa5c87a268778db67a
3043f42fdd97ec607648da79c3abfa6f364404c7594143227c2541d1f0ac6069

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/css/gb.validation.min.css HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 3788
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: W/"633d510e-2d52"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: 5f088acb6499ddf724f64e5d4cb7be0f

3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1712742347025

103.155.16.137

200 OK

5.2 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/061410/rcenter/common/static/js/gb.validation.min.js?v=1712742347025
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (801)
Size
5.2 kB (5207 bytes)
Hash
30be40425b37bee4158676082cef1f4d
b41ed46721936872d5d7eadf303ce22938240d2a
f5ca5f543161a6b37ca2bf26c4f3c630fe08323108c77dac1fba6ce755ce6f47

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /061410/rcenter/common/static/js/gb.validation.min.js?v=1712742347025 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 5207
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: W/"633d510e-7fd7"
Date: Fri, 22 Mar 2024 04:50:14 GMT
Last-Modified: Wed, 05 Oct 2022 09:40:30 GMT
Expires: Sun, 21 Apr 2024 04:50:14 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-04
X-Cdn-Request-ID: 64fef0ae712783cf43e269aa6385bfcc

3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js

103.155.16.137

200 OK

32 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65275)
Size
32 kB (31739 bytes)
Hash
317fd00903b68a157500b40495e8d74e
29ba73703d5c1d5390551e9fb230a3f1ace1437e
efac6fec2ba437b6a906e249fad9de3c7d3c105a48136b0155376b5989c4d76a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/plugin/js/swiper-4.3.3.min.js HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 31739
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: W/"614d2b23-1df6f"
Date: Fri, 22 Mar 2024 04:50:16 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Sun, 21 Apr 2024 04:50:16 GMT
Age: 2206895
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-21
X-Cdn-Request-ID: 17fa21750f644a59435a51afeae52e64

3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg

103.155.16.137

200 OK

6.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 168x168, components 3
Size
6.9 kB (6871 bytes)
Hash
99be4bfe275809d4e436b77c991b1381
54eadee77394eb62ccf377ae68d9f49acb5b6785
4ca35131972acdf420b94f0d64a5a0f504eb5a7b0e6fb7b8b467916a12aae37d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 6871
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-02
ETag: "5d848f4f-1ad7"
Date: Fri, 22 Mar 2024 04:50:15 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Sun, 21 Apr 2024 04:50:15 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-02, HIT from KS-CLOUD-XJP-FOREIGN-21-03
X-Cdn-Request-ID: 12eb1a4cd6fe3d87f71effb3420aeeb1

7003659.com:8989/mobile-api/v5/origin/getFloat.html

43.198.190.53

200

3.0 kB

URL POST HTTP/1.1
7003659.com:8989/mobile-api/v5/origin/getFloat.html
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
3.0 kB (3001 bytes)
Hash
20d79b9eed78eee9e01d2e30b38ab875
a0583847a8f715a131e962cf8dcee6ef0bcf0641
4f2a6f24ef3ea25bfe817cad4b5e2d82e66bd6601b18301a8d957c3f9c06d4d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /mobile-api/v5/origin/getFloat.html HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:51 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=1bd47f3fb2de4e856ef59c7ef0cfd5c8; Path=/
Access-Control-Allow-Origin: https://7003659.com:8989
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-171328991179de
out-line: gb-site-133

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
23 kB (23355 bytes)
Hash
14f7dbafc1472fa05db8eb17ae826f30
991915b5ae07c7a47e93dce0c6c82d0d0b690993
7287fcb933e5bf3eba0d13e7312cf5ba90f94c0593310090fdc521f866b0b134

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_10_38001.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:51 GMT
Content-Type: image/png
Content-Length: 23355
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5b3b"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:51 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (19597 bytes)
Hash
82c905f14c36be0d2fa670516edded31
437546d720284de3982ff79df6a946b81e923371
f3cdfd33e75d6f3877e1e0da0491c2b2a65c66f95d434c6b08950b0b5d5b9cc6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_HMSH.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:51 GMT
Content-Type: image/png
Content-Length: 19597
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:26 GMT
ETag: "613c72be-4c8d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:51 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
26 kB (25819 bytes)
Hash
f7637fd9fb8b0dd130560efe9dfcc5ac
c6a6b30f73923175a88fb0c5685c7943ef934c2e
a647abf9fc56228cf6ab783115c113b35479dce89ff1dc4db61efb0bf3234cb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT01.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: image/png
Content-Length: 25819
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-64db"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:52 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=

43.198.190.53

200

901 B

URL GET HTTP/1.1
7003659.com:8989/index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion=
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
901 B (901 bytes)
Hash
b3302d2036d66cefe8f3273ca9cad476
1a0f741e5e27f83af46b137170432d9123049e3d
0b897bc2ac14afd25c53d82abea52ac6ea67310f646fe14cd940b3fca06668ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/getAppsUrl.html?device=android&fPixelId=&accessToken=&apiVersion= HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=98d89b53d4664b2b8f76fcfb49bcc69d; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-17132899121512
out-line: gb-site-133

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
22 kB (21622 bytes)
Hash
18fc529cc0b071eee9ab764c7b3cebf2
e79958322824752ee3be995515d242f3a65dbd15
7dc7c033a2391b021f70e5576b15806c1e3e73b2bf5a0beda751bbdff7513b7b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_9_6.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:51 GMT
Content-Type: image/png
Content-Length: 21622
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5476"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:51 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/index/getUserTimeZoneDate.html?t=lv2okt36

43.198.190.53

200

119 B

URL GET HTTP/1.1
7003659.com:8989/index/getUserTimeZoneDate.html?t=lv2okt36
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
119 B (119 bytes)
Hash
357921cb2e7e56e359b04481de6f672e
c4d89b287c52a2a7e3bf198ed0205a0e1943a60e
c5bf470b8df2b700b1fe99a5cd38594707e3b037ab23ae62878198e9e0a78286

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/getUserTimeZoneDate.html?t=lv2okt36 HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=98d89b53d4664b2b8f76fcfb49bcc69d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-171328991213b1
out-line: gb-site-133

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
23 kB (22679 bytes)
Hash
2fbcb4a692fc6b41699f7e60ecf26a63
da35d134b38413040316f5cf1e5f76d75fd941c7
ccdecdf7de01b3b3513596f7c4555266473805551702685e14299770ae8bed26

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_25_F-SF01.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: image/png
Content-Length: 22679
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5897"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:52 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/headerInfo.html?t=lv2oktc3

43.198.190.53

200

116 B

URL GET HTTP/1.1
7003659.com:8989/headerInfo.html?t=lv2oktc3
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
116 B (116 bytes)
Hash
4c6add153ec796ceac610eae8e10ae24
8a64e0990ec93a1a1cd0af236a9b970e4e7e2438
aea7049b503ab7816fa5ceea38c32b8567094936783948d2e75cafa804139ba8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /headerInfo.html?t=lv2oktc3 HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=98d89b53d4664b2b8f76fcfb49bcc69d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Disposition: inline;filename=f.txt
sub-sys: msite
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-1713289912d561
out-line: gb-site-133

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
22 kB (21792 bytes)
Hash
0445397f922bcef3252bedd6877d8668
f4d265e0774ed0dbda4d4548863cd852c48c570f
3069757649a24fe38937eebf84c12b959ec4e58edf10cf2c661cc2ae433a40c0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1050.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: image/png
Content-Length: 21792
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5520"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:52 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
23 kB (23286 bytes)
Hash
993bbfdbad1c48f514367407a17d2a77
7d3db06be9d7912432c768fa5b23335264db002c
df044589914265a7b02cca67f876c01d20e5eb0d9e50bdb2e8af8e0994daeab7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AT05.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: image/png
Content-Length: 23286
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-5af6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:52 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png

43.198.190.53

200 OK

77 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 249 x 215, 8-bit/color RGBA, non-interlaced
Size
77 kB (76813 bytes)
Hash
4efe93bd780474540b29c662acef4d68
2d588f15315c28feef52d101bff05d5a2071929d
e52983bbd04e43f83dccc17ccff1064098ae925ae651f753e59b1530a0e4d733

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_AB3.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:52 GMT
Content-Type: image/png
Content-Length: 76813
Connection: keep-alive
Last-Modified: Mon, 14 Aug 2023 10:05:04 GMT
ETag: "64d9fc50-12c0d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:52 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
22 kB (21953 bytes)
Hash
12f4870c1a8e51e39a6c8bfdd11ed804
47eb5ed8af8ae69595b8743e7a61d3fe825cc048
1f6c135cc810d561e52ad5ba9ca5cfda82897c82db0863ab366e62d5970b3883

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_GO02.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: image/png
Content-Length: 21953
Connection: keep-alive
Last-Modified: Thu, 23 Dec 2021 07:42:29 GMT
ETag: "61c42865-55c1"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:53 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign

43.198.190.53

200

140 B

URL GET HTTP/1.1
7003659.com:8989/mobile-api/v5/chess/getActivityMsg.html?function=sign
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
140 B (140 bytes)
Hash
5d062bc93ef9d75b27e852ed745d170f
1ecf82a0589608b26ee6a29b2cc3229916596626
26e77aa8c61c230db13c8fd74d4ab3adf8be54c3192c4e16f94e633a71efc2e1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mobile-api/v5/chess/getActivityMsg.html?function=sign HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=98d89b53d4664b2b8f76fcfb49bcc69d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 140
Connection: keep-alive
Set-Cookie: route=181dd5ae39c7acd81ad5ca039c14a954; Path=/
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-17132899136ecb
out-line: gb-site-133

vue.livehelp100service.com/visitorside/js/common.65ab9e3e.js

143.204.55.116

200 OK

30 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/common.65ab9e3e.js
IP
143.204.55.116:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint63:B0:01:26:AE:72:99:B7:98:45:6B:15:1E:CE:05:7B:20:19:C3:2B
ValidityThu, 30 Nov 2023 00:00:00 GMT - Sun, 29 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (62331)
Size
30 kB (29538 bytes)
Hash
8d56a09901fd0c641df6266d979439bb
4ed2b6a1f13cedb73d62c6edfc1f5e1b85baee26
b38884d49c167f03722f6712400d9875f310e692441650fe0069eeae1c972049

HTTP Headers

GET /visitorside/js/common.65ab9e3e.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 16 Apr 2024 03:15:33 GMT
server: nginx/1.22.1
last-modified: Wed, 10 Apr 2024 03:09:46 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"661602fa-13c35"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ai1OdnsZUu0EJn2W5gAig7kMX6A6HgfMIbUKqKu305G0ePOWVijexw==
age: 52579
X-Firefox-Spdy: h2

7003659.com:8989/index/getUserTimeZoneDate.html?t=lv2oktmq

43.198.190.53

200

119 B

URL GET HTTP/1.1
7003659.com:8989/index/getUserTimeZoneDate.html?t=lv2oktmq
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
119 B (119 bytes)
Hash
3aef1d260fb645c67d4e490efafdcb9d
0b173f5c8832cabdf26bdb4ccb7169c8b3726b7f
9c83e6f83c0001cda2d15fbe63917cf471693a7020778a5f33f6e4bde0723d5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/getUserTimeZoneDate.html?t=lv2oktmq HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=98d89b53d4664b2b8f76fcfb49bcc69d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Content-Disposition: inline;filename=f.txt
sub-sys: msite
cachettl: 3
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-17132899130335
out-line: gb-site-133

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png

43.198.190.53

200 OK

21 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
21 kB (20993 bytes)
Hash
07db342d71e455736e0e8b5656ed7174
2d9bb7427a73a28f4bfec2a70dc227af4555968c
c1a35508763b061947ad0ea9eb9972b92b079c9510a2a746979dbffd84efde0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_48_CC1001.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: image/png
Content-Length: 20993
Connection: keep-alive
Last-Modified: Wed, 30 Mar 2022 02:50:04 GMT
ETag: "6243c55c-5201"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:53 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (20462 bytes)
Hash
86f136869bc81df2a646e873bd23b46d
c40c25bbe820c39731d1c679653b28e119cbbadc
bfebb7307f1858837e6b61be64e46352b1ccd29bf982e9975886c9feda9f637f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_14.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: image/png
Content-Length: 20462
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 02:46:55 GMT
ETag: "63dc759f-4fee"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:53 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
23 kB (23172 bytes)
Hash
c2bad36f7d90b3d9d5077df183c0a80b
7890000fd16f911c2aa5223af3cddf3ed6c5f702
90b7d091ece32c042a2866eb7d6943d7e88148d3bb474eaff988a78942d6d3aa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_35_1051.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: image/png
Content-Length: 23172
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-5a84"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:53 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/mobile-api/v5/origin/getThirdParam.html

43.198.190.53

200

103 B

URL GET HTTP/1.1
7003659.com:8989/mobile-api/v5/origin/getThirdParam.html
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
103 B (103 bytes)
Hash
9ac55fe189e4f53f37156e563e0f542e
18b13b1360ce9fbd973e046d2652be38d58a15e0
d7e02321006e1520d4c3e8d26428462419388e022cc89f3c974d0b87ad83af7b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mobile-api/v5/origin/getThirdParam.html HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=181dd5ae39c7acd81ad5ca039c14a954
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 103
Connection: keep-alive
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-17132899136832
out-line: gb-site-133

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
22 kB (21502 bytes)
Hash
548f74b6fbacfdafac2d13982ea01f5b
62056e33bd99fdb7a26ed1eb6e0d34baae75ab4b
8d23af5f64406af80c5f00bbe2806c0a696eee1b9fa144135a679cf7d15c27a9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_10.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: image/png
Content-Length: 21502
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-53fe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:53 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10453/1709884327913.png?wsSecret=42d746e8812c92218c79047c414bcb42&wsTime=1713289911

103.155.16.137

200 OK

446 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10453/1709884327913.png?wsSecret=42d746e8812c92218c79047c414bcb42&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 850 x 214, 8-bit/color RGBA, non-interlaced
Size
446 kB (445653 bytes)
Hash
e7d4b3399a781fef78fc16347dd4b67c
5b614a8c1dd51f7fd090d5c5c40b9c1161a90415
cdbe3b34600272880c004ab8325e05fc717d0d2a3b0b81a2f297858d1c07f532

HTTP Headers

GET /fserver/files/gb/141/carousel/10453/1709884327913.png?wsSecret=42d746e8812c92218c79047c414bcb42&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 445653
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "65eac3a7-6ccd5"
Date: Mon, 08 Apr 2024 10:40:51 GMT
Last-Modified: Fri, 08 Mar 2024 07:52:07 GMT
Expires: Wed, 08 May 2024 10:40:51 GMT
Age: 717061
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-206
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-05
X-Cdn-Request-ID: 900fc0a34b7fcaf73b20496df8fd1779

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
26 kB (26500 bytes)
Hash
dc21406f53974241a6ea9d1ba342a0a3
d98181158619aa5993f35dc4821c26ea657c9c35
656f550c68b469776ebe40713d8556d43af391da6cc881918da5f6c983ba823f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_12.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: image/png
Content-Length: 26500
Connection: keep-alive
Last-Modified: Tue, 30 Nov 2021 08:28:44 GMT
ETag: "61a5e0bc-6784"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:53 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png

103.198.200.1

200 OK

1.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1321 bytes)
Hash
a2e938202c0287b9c82461a6fd94dee9
b5e2adc7cb07c18a70a88af314e56b946ec1a1b6
df9ce20db277ad8302c704a73aff5024683a0d38aff0d3e7e884a67a24439936

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/themes/images/layer-dialog/gui-layer-close-bg.png HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3dsa62.gaokejd.xyz/ftl/commonPage/themes/gui-layer.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1321
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "5d848f4f-529"
Date: Tue, 16 Apr 2024 09:54:31 GMT
Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT
Expires: Thu, 16 May 2024 09:54:31 GMT
Age: 28641
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-11
X-Cdn-Request-ID: 2fdb05b557d1655174ef85e72ad25fac

7003659.com:8989/ftl/bet365-141-2/themes/images/hot.gif

43.198.190.53

200 OK

1.3 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/bet365-141-2/themes/images/hot.gif
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
GIF image data, version 89a, 16 x 21
Size
1.3 kB (1265 bytes)
Hash
98b6e28b9ec42fb2cfeeb767adf534b0
ec30e424f3b775ad1d9b80e8947a4646ee8c5af9
06011ce85e775ecfeda87eaca9ee6ac75cb9522cefe71448d8b04adc81bd9f67

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/bet365-141-2/themes/images/hot.gif HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=181dd5ae39c7acd81ad5ca039c14a954
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: image/gif
Content-Length: 1265
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
ETag: "5d2c7603-4f1"
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:53 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/game-api/v5/content/sportRecommended.html?t=lv2oku00

43.198.190.53

200

793 B

URL GET HTTP/1.1
7003659.com:8989/game-api/v5/content/sportRecommended.html?t=lv2oku00
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
JSON text data
Size
793 B (793 bytes)
Hash
102ec8ad185ec507e9e85682272a1763
250510c2a7d67828f8f3eec70affa2ff7d727d3e
7c17550acfbe46a4f14aca237c5e8acd89350c3731ea76457fe531b1edab057e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /game-api/v5/content/sportRecommended.html?t=lv2oku00 HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=181dd5ae39c7acd81ad5ca039c14a954
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: route=c818d4f4451b0c3592b2d6eebdcb59c0; Path=/
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-171328991370d6
out-line: gb-site-133

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
26 kB (26179 bytes)
Hash
1ac91d4dfd52f26f9c5682cf67ac3f49
6ca58050b81ce1be80d3b0c749b60a79d8413b98
021c28d7d369afa39f3aeac128f91dd3f377fc910a35d76a2e9d2463093e3b44

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_13.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 26179
Connection: keep-alive
Last-Modified: Mon, 25 Apr 2022 07:55:46 GMT
ETag: "62665402-6643"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (19766 bytes)
Hash
a678f783e25a467193ee4fa0252d5bf4
ffadbf4388ce2dc312c720e75f9b9d73c05e93cd
1421dad09cedb4c186e8b4ac1cc027955d52a9d268b29144d3d8f0d60d5ed075

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31006.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 19766
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4d36"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (19964 bytes)
Hash
d495fdd61d29ff61ff34fdccc5597d0f
95a2b5b377a239ccf2d5e5cc81534f79dbbbe033
08097b5ebe2de4f6d295aeb64fc72170c766ea81851e9baf96ff4de926fc678b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_49_11.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 19964
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-4dfc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (20172 bytes)
Hash
37070ea9397e4c9bfa4c6fa5e499de59
fd2237d48600d3a6acba5c8982c1d594962418d4
f3d50d3f597d6a23e42d069971e80a14851d7c996bbce674ed591c6e87b64bda

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_31008.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 20172
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 06:20:23 GMT
ETag: "645b37a7-4ecc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/fserver/files/sportTeam/football/tj.png

43.198.190.53

200 OK

901 B

URL GET HTTP/1.1
7003659.com:8989/fserver/files/sportTeam/football/tj.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Size
901 B (901 bytes)
Hash
807000ee4f6e1ea9870f25f8619499cb
166fbcfd39fd3955fe1bd0a99e2b25ca291a1e3d
47ae199f2a9f41157cbb9cd28f3e1dbd1b26b222f0c599b19740ebfcbeed68ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/sportTeam/football/tj.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 901
Connection: keep-alive
Last-Modified: Thu, 06 Dec 2018 09:14:10 GMT
ETag: "5c08e862-385"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1713267365579.jpeg?wsSecret=86404184ca76fd601cc20ffa39d98443&wsTime=1713289911

103.155.16.137

200 OK

182 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10322/1713267365579.jpeg?wsSecret=86404184ca76fd601cc20ffa39d98443&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ISO Media, HEIF Image
Size
182 kB (181506 bytes)
Hash
6339d8fb21bdf1c9c8c5d931e4cd53dd
5b771cdf7553d7ad29141ffa77f1e411f1afd844
bad2dc6593eeff383812d28f31a5732829ae4414fb751f97cf1da04a215c088e

HTTP Headers

GET /fserver/files/gb/141/carousel/10322/1713267365579.jpeg?wsSecret=86404184ca76fd601cc20ffa39d98443&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 181506
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-04
ETag: "661e62a5-2c502"
Date: Tue, 16 Apr 2024 11:51:50 GMT
Last-Modified: Tue, 16 Apr 2024 11:36:05 GMT
Expires: Thu, 16 May 2024 11:51:50 GMT
Age: 21602
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: MISS from KS-CLOUD-XJP-12-04, HIT from KS-CLOUD-XJP-FOREIGN-21-10
X-Cdn-Request-ID: e39a0184a285a365818d6e9ee2f9e579

7003659.com:8989/fserver/files/gb/141/sportTeam/91/1713278360338.png

43.198.190.53

200 OK

4.1 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/gb/141/sportTeam/91/1713278360338.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 260 x 173, 8-bit colormap, non-interlaced
Size
4.1 kB (4114 bytes)
Hash
1039fa30aac84c334a07ae183b7aec87
258ae6809540a5d5ce1f8cd61347677300cbf225
0586d0a3db6775f6ea5e07608b37f3666e5e297d24a9e45e3969f266f8b24209

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/gb/141/sportTeam/91/1713278360338.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 4114
Connection: keep-alive
Last-Modified: Tue, 16 Apr 2024 14:39:20 GMT
Vary: Accept-Encoding
ETag: "661e8d98-1012"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10427/1703257608462.jpg?wsSecret=d88c708d44d199e01800673b66e663a2&wsTime=1713289911

103.155.16.137

200 OK

214 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10427/1703257608462.jpg?wsSecret=d88c708d44d199e01800673b66e663a2&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3
Size
214 kB (213795 bytes)
Hash
b8b420645b1a7a0983f29816498cf728
901ad47a0af8b8b38223cc66a79b33bf03ee8150
5d5e407aae0a92447b617570b00b96f6e4f70be2d5743c5038355fa6aab6552c

HTTP Headers

GET /fserver/files/gb/141/carousel/10427/1703257608462.jpg?wsSecret=d88c708d44d199e01800673b66e663a2&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 213795
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: "6585a608-34323"
Date: Tue, 26 Mar 2024 00:31:42 GMT
Last-Modified: Fri, 22 Dec 2023 15:06:48 GMT
Expires: Thu, 25 Apr 2024 00:31:42 GMT
Age: 1876810
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-17
X-Cdn-Request-ID: 1c49bb1e1df2e8cf4a6a162292409a2d

7003659.com:8989/fserver/files/sportTeam/football/es01.png

43.198.190.53

200 OK

5.4 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/sportTeam/football/es01.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Size
5.4 kB (5408 bytes)
Hash
983c18cb56a419be908ca7cab354758f
ee1016673b1e529910ab0f0ef1fec036c12ef031
0e6f08f247de5b152cf21ba3078908f5bd7ec180c93cd4ec1afa21524434b2a7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/sportTeam/football/es01.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 5408
Connection: keep-alive
Last-Modified: Thu, 15 Nov 2018 09:00:58 GMT
Vary: Accept-Encoding
ETag: "5bed35ca-1520"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

vue.livehelp100service.com/visitorside/js/vendor.5d363f80.js

143.204.55.116

200 OK

324 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/vendor.5d363f80.js
IP
143.204.55.116:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint63:B0:01:26:AE:72:99:B7:98:45:6B:15:1E:CE:05:7B:20:19:C3:2B
ValidityThu, 30 Nov 2023 00:00:00 GMT - Sun, 29 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65419)
Size
324 kB (323823 bytes)
Hash
fa09b2e3fcd5732cbc73a5da033b9fb3
8d7f44de8f0a89d711b5f88f05a0ae124877ab84
0e25988044fb383ccc43914b2754165602e8eebf3116425af22a31b5bb0e598f

HTTP Headers

GET /visitorside/js/vendor.5d363f80.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 16 Apr 2024 03:10:35 GMT
server: nginx/1.22.1
last-modified: Wed, 10 Apr 2024 03:09:46 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"661602fa-1bed1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kLRUn1kiMX0MahdshSuLIxOBVuXB3vGgoee0z56PJws34gdXtCkoRA==
age: 52877
X-Firefox-Spdy: h2

7003659.com:8989/fserver/files/sportTeam/football/fr01.png

43.198.190.53

200 OK

9.4 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/sportTeam/football/fr01.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Size
9.4 kB (9391 bytes)
Hash
b2bf9a59170bcbd3436d315719fcde85
1bae7e7ad86bd6c409b4f283b7a9a546572f776f
a38f96d6c1175bc94a8453074da115754e60ff0dde8601674f9f416981300175

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/sportTeam/football/fr01.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 9391
Connection: keep-alive
Last-Modified: Thu, 15 Nov 2018 09:06:38 GMT
Vary: Accept-Encoding
ETag: "5bed371e-24af"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10459/1711602220846.jpg?wsSecret=b6f7c092d2414c93f3b190c654f63230&wsTime=1713289911

103.155.16.137

200 OK

379 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10459/1711602220846.jpg?wsSecret=b6f7c092d2414c93f3b190c654f63230&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 694x520, components 3
Size
379 kB (378941 bytes)
Hash
77a58c6f0a24be2e35eb52afe42774c6
c0602ab220ca5480afc82a7d522e5e93c6f285a8
9ca73ea7af85e0bc70e13f7bea8f103ecddadbfbbafb0e147459572e646795a5

HTTP Headers

GET /fserver/files/gb/141/carousel/10459/1711602220846.jpg?wsSecret=b6f7c092d2414c93f3b190c654f63230&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 378941
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-08
ETag: "6604fa2c-5c83d"
Date: Thu, 28 Mar 2024 06:29:39 GMT
Last-Modified: Thu, 28 Mar 2024 05:03:40 GMT
Expires: Sat, 27 Apr 2024 06:29:39 GMT
Age: 1682533
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: MISS from KS-CLOUD-XJP-12-08, HIT from KS-CLOUD-XJP-FOREIGN-21-06
X-Cdn-Request-ID: 8d57156b852513602762d5b3ddf2d5af

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=cddf1ae51851caabcd86b39d8a3ded2a&wsTime=1713289911

103.155.16.137

200 OK

328 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=cddf1ae51851caabcd86b39d8a3ded2a&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 1400 x 1047, 8-bit colormap, non-interlaced
Size
328 kB (328303 bytes)
Hash
535172ad3a435afe80c33ed17cc592f9
7d8bc3efa5a46e12b54ee07d0428c5e3d0662fc4
f7b20469f299a0722ccc52bbecdba656f73435b4c827add798de38797a2c266e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10307/1658300326348.png?wsSecret=cddf1ae51851caabcd86b39d8a3ded2a&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 328303
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "6379d6d4-5026f"
Date: Fri, 22 Mar 2024 04:50:16 GMT
Last-Modified: Sun, 20 Nov 2022 07:27:16 GMT
Expires: Sun, 21 Apr 2024 04:50:16 GMT
Age: 2206896
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: 8c7689b79354eaa75a57622c9be89065

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10456/1713266466963.jpeg?wsSecret=efc7650f345732a1756d84ef051c0d10&wsTime=1713289911

103.155.16.137

200 OK

166 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10456/1713266466963.jpeg?wsSecret=efc7650f345732a1756d84ef051c0d10&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
ISO Media, HEIF Image
Size
166 kB (166227 bytes)
Hash
077022ba856a086e8c2480635d1bac25
8abdc51495740a3ca78a02355e9f5ee274da7a76
3e7d255e5d36cae843eee39d85640c1bfe3eb74b4f3433cdc5877ee5d9ac8770

HTTP Headers

GET /fserver/files/gb/141/carousel/10456/1713266466963.jpeg?wsSecret=efc7650f345732a1756d84ef051c0d10&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 166227
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "661e5f22-28953"
Date: Tue, 16 Apr 2024 11:22:18 GMT
Last-Modified: Tue, 16 Apr 2024 11:21:06 GMT
Expires: Thu, 16 May 2024 11:22:18 GMT
Age: 23375
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-206
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: MISS from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: ba4a7c9f61d0bee81a37dce45d30f5d0

vue.livehelp100service.com/visitorside/js/bundle.1d434ade.js

143.204.55.116

200 OK

540 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/bundle.1d434ade.js
IP
143.204.55.116:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint63:B0:01:26:AE:72:99:B7:98:45:6B:15:1E:CE:05:7B:20:19:C3:2B
ValidityThu, 30 Nov 2023 00:00:00 GMT - Sun, 29 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65422)
Size
540 kB (540295 bytes)
Hash
8b73f524e6dd556977d98de5b7cd6729
640bf60ac5dad28aa895edb99e46589669c00504
faa4dd5c6a019c6fea61b6e63b21d77c763dd62d8f285b6524068fd824adf005

HTTP Headers

GET /visitorside/js/bundle.1d434ade.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 16 Apr 2024 03:16:24 GMT
server: nginx/1.22.1
last-modified: Wed, 10 Apr 2024 03:09:45 GMT
etag: W/"661602f9-8bc09"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IFY7fraYUF8j7Qggb45EsO0XInaKkeyu9ftsYsmle0oTw8Sg3U2zXA==
age: 52527
X-Firefox-Spdy: h2

7003659.com:8989/fserver/files/sportTeam/football/de04.png

43.198.190.53

200 OK

3.6 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/sportTeam/football/de04.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Size
3.6 kB (3615 bytes)
Hash
2b16ddf401e2d75aa5c491b37748ab35
01f9bc3ffaee0f6fb38f8bea8aa25f126353b2e9
16e143bf149bcf3a50ea7fbe471a79fc4e34c2a31c073366b46a8b2c47fcfa20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/sportTeam/football/de04.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 3615
Connection: keep-alive
Last-Modified: Fri, 16 Nov 2018 09:01:28 GMT
Vary: Accept-Encoding
ETag: "5bee8768-e1f"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/fserver/files/sportTeam/football/es02.png

43.198.190.53

200 OK

4.9 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/sportTeam/football/es02.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Size
4.9 kB (4874 bytes)
Hash
4ddf48ccb8082db823531868fc3be4a5
4fe0970e00ab07fdd0a4d134f26f93ffa627e23e
4a21fb544b8655eac68b00bbaced721cc7c86ca47d8eb0e115a500afe4e874f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/sportTeam/football/es02.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 4874
Connection: keep-alive
Last-Modified: Thu, 15 Nov 2018 09:01:00 GMT
Vary: Accept-Encoding
ETag: "5bed35cc-130a"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/fserver/files/gb/141/sportTeam/43/1698175632658.png

43.198.190.53

200 OK

41 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/gb/141/sportTeam/43/1698175632658.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
41 kB (40618 bytes)
Hash
ab019f2e46e3df3769fb9ad7596dc951
29ca799a7716881ef441eef67d30fd13e16e40d2
4894dba93bf761f317fbd0e6df8dc59e0f90696902b06bdd4797e4a655f9635d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/gb/141/sportTeam/43/1698175632658.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 40618
Connection: keep-alive
Last-Modified: Tue, 24 Oct 2023 19:27:12 GMT
Vary: Accept-Encoding
ETag: "65381a90-9eaa"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png

43.198.190.53

200 OK

105 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
105 kB (105068 bytes)
Hash
c421c976cf701cd806a7ebeb8575e0a3
cb84123cde62bcad60f34b5a5703f7bfafca1906
e797e57325c453e7ca7e56e634ada214b51ab9298ba5aea4d183fea859857d60

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7003.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 105068
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-19a6c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=6fe2bab3505956c52367022c98a0bc8f&wsTime=1713289911

103.155.16.137

200 OK

758 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=6fe2bab3505956c52367022c98a0bc8f&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
GIF image data, version 89a, 1 x 500
Size
758 B (758 bytes)
Hash
41a9eebb99ba7c3b2a905aaa45726923
abf17115c33bdea05313ce6bcebe3fe4d7da935a
f9b50670a93fcef81c4f838f7da60d397994bea07f83af0f51ae89d670f1189c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/body-bg.gif?wsSecret=6fe2bab3505956c52367022c98a0bc8f&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 758
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-03
ETag: "5d2c7603-2f6"
Date: Fri, 22 Mar 2024 04:50:16 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sun, 21 Apr 2024 04:50:16 GMT
Age: 2206898
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-03, HIT from KS-CLOUD-XJP-FOREIGN-21-18
X-Cdn-Request-ID: c17a095e63092b7bd52e9048c6c02c60

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=a327079ca3df5fa982d3c904c23bbfa3&wsTime=1713289911

103.155.16.137

200 OK

7.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=a327079ca3df5fa982d3c904c23bbfa3&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 960x72, components 3
Size
7.7 kB (7727 bytes)
Hash
4e7da730a5cbfe4a7ce573ddcea0e60a
ac31a27a6d71a7a297905c195a6434f043f7f0a7
fe5506589506db3c8dad8b544636c2794a764f28a9ab79215714d5cfe2d866c0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/head1.jpg?wsSecret=a327079ca3df5fa982d3c904c23bbfa3&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7727
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01
ETag: "613c72a8-1e2f"
Date: Fri, 22 Mar 2024 04:50:16 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sun, 21 Apr 2024 04:50:16 GMT
Age: 2206898
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01, HIT from KS-CLOUD-XJP-FOREIGN-21-13
X-Cdn-Request-ID: 5ce241e92033aec6104c2dec8cbaedc9

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1706611536129.jpg?wsSecret=311db2ea667232b47b5ac87ae007706b&wsTime=1713289911

103.198.200.1

200 OK

868 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10311/1706611536129.jpg?wsSecret=311db2ea667232b47b5ac87ae007706b&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, progressive, precision 8, 1384x1037, components 3
Size
868 kB (868117 bytes)
Hash
c661cfd818ceb2eb1480c6ed9041c679
805f1e67ab8a24dacb99140a79e34d6edc32fc5a
f345ee1adc137d726f666bd1a052e97125470017ec1596cede12ff4cb629d33c

HTTP Headers

GET /fserver/files/gb/141/carousel/10311/1706611536129.jpg?wsSecret=311db2ea667232b47b5ac87ae007706b&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 868117
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "65b8d350-d3f15"
Date: Sat, 30 Mar 2024 10:56:32 GMT
Last-Modified: Tue, 30 Jan 2024 10:45:36 GMT
Expires: Mon, 29 Apr 2024 10:56:32 GMT
Age: 1493720
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-12
X-Cdn-Request-ID: 8f29445618985bfff5ec4dc7892dfb4e

7003659.com:8989/fserver/files/gb/141/sportTeam/42/1697669072719.png

43.198.190.53

200 OK

41 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/gb/141/sportTeam/42/1697669072719.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
41 kB (40887 bytes)
Hash
1123068e4071432bbe4bd13819e23133
e5ecf74b967591013d5385c610566a767254b60a
7abb3b3ae78406b689ef8d48da6a46ecdc379cf4a4f2898da1f5e9ca1e5f3281

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/gb/141/sportTeam/42/1697669072719.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 40887
Connection: keep-alive
Last-Modified: Wed, 18 Oct 2023 22:44:32 GMT
Vary: Accept-Encoding
ETag: "65305fd0-9fb7"
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=df0aab6964308ad384c04e3c982d3207&wsTime=1713289911

103.198.200.1

200 OK

70 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=df0aab6964308ad384c04e3c982d3207&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 750 x 190, 8-bit colormap, non-interlaced
Size
70 kB (70362 bytes)
Hash
3cec45bced128357804406f23fdb94d1
2e300c18f2c721f4d8580098b46829ef2be4ce1e
36d46701f11f890e85341c03a1381dd46dce7c1be4c2582ebfa67b0e39101d15

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/carousel/10316/1659084716430.png?wsSecret=df0aab6964308ad384c04e3c982d3207&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 70362
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "62e39fac-112da"
Date: Fri, 12 Apr 2024 07:31:51 GMT
Last-Modified: Fri, 29 Jul 2022 08:51:56 GMT
Expires: Sun, 12 May 2024 07:31:51 GMT
Age: 382803
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-15
X-Cdn-Request-ID: 7bfa80924fe035eb65903d1b784375e3

7003659.com:8989/fserver/files/gb/141/sportTeam/43/1702647597533.png

43.198.190.53

200 OK

36 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/gb/141/sportTeam/43/1702647597533.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
36 kB (35804 bytes)
Hash
c5c39a6c9072b58c9a88677c9f58e117
c60f2ca59ac08d06c98dac26a279ba85c384571e
38dc257a8f4e65a7863b6f70c19db013bb648eafecf574532571fb89ab252f14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/gb/141/sportTeam/43/1702647597533.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 35804
Connection: keep-alive
Last-Modified: Fri, 15 Dec 2023 13:39:57 GMT
Vary: Accept-Encoding
ETag: "657c572d-8bdc"
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/fserver/files/gb/141/sportTeam/42/1697669127809.png

43.198.190.53

200 OK

37 kB

URL GET HTTP/1.1
7003659.com:8989/fserver/files/gb/141/sportTeam/42/1697669127809.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
37 kB (37090 bytes)
Hash
372792777d5b4a13f2964da0fb0a3375
0614fea7c35efe889b275ccdc600e3539e32fdf1
a025c058fb94364e1cb59ec52d8e7b24abc8807068dcc03f07fc72a9d5827df6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fserver/files/gb/141/sportTeam/42/1697669127809.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=c818d4f4451b0c3592b2d6eebdcb59c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 37090
Connection: keep-alive
Last-Modified: Wed, 18 Oct 2023 22:45:27 GMT
Vary: Accept-Encoding
ETag: "65306007-90e2"
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=8323b450bdec55b2ad281cb459b8d5c9&wsTime=1713289911

103.155.16.137

200 OK

376 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=8323b450bdec55b2ad281cb459b8d5c9&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
GIF image data, version 89a, 1 x 594
Size
376 B (376 bytes)
Hash
355b2cb853d78ae262c093065eaa6e70
3e8d2a456204e635cfe5bd959cff47faf63023fc
cd58d657e3d79583a5722257d8770e3b5f620f1d58e392f1d9460cc89ac485fa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images//sec-nav-bg-grad.gif?wsSecret=8323b450bdec55b2ad281cb459b8d5c9&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 376
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-09
ETag: "5d2c7603-178"
Date: Fri, 22 Mar 2024 04:50:16 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sun, 21 Apr 2024 04:50:16 GMT
Age: 2206898
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-09, HIT from KS-CLOUD-XJP-FOREIGN-21-10
X-Cdn-Request-ID: ae65126aa39490a89f87f389e4f0a2b7

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=4bfbe3414d517142727d2a150bb2638f&wsTime=1713289911

103.198.200.1

200 OK

4.3 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=4bfbe3414d517142727d2a150bb2638f&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 414 x 204, 8-bit/color RGB, non-interlaced
Size
4.3 kB (4311 bytes)
Hash
69957649d4c70d7b7cc0c1aa434c462f
9070128b8ee6a699818e5deb33c926581d5b0b6f
6cff75537c35a2a855cafaf1d2d45767867dbc28774da40ed8c4fd4f4f74a813

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/sports-infos-bg.png?wsSecret=4bfbe3414d517142727d2a150bb2638f&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4311
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-04
ETag: "5d2c7603-10d7"
Date: Tue, 16 Apr 2024 09:54:32 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 16 May 2024 09:54:32 GMT
Age: 28642
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-04, HIT from KS-CLOUD-XG-FOREIGN-21-05
X-Cdn-Request-ID: 3d2c5291fa52280a0ad2e09cec76bc4c

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png

43.198.190.53

200 OK

21 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
21 kB (21009 bytes)
Hash
a03861df13ee208fcb22c604bc412484
9d5925012e3eb16bb86bbe0b0febd3941847172d
a9a4c50c7e2f04fcfdf467f4b3a6697a2a359c84000b8e38c1b5e3ab3115ab8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5003.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 21009
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5211"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=e909f85621b4ac7f344660c9bdd46f4a&wsTime=1713289911

103.198.200.1

200 OK

260 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/arrow.png?wsSecret=e909f85621b4ac7f344660c9bdd46f4a&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 10 x 14, 8-bit colormap, non-interlaced
Size
260 B (260 bytes)
Hash
e602938a99acc154421381f39d5652d8
e12cb203b3e61b0cae31ad5cb3241555caba6c10
73500ead881aa273814d982b0a0e78dc29ebf04f37b5932667785f6f7c45a664

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/arrow.png?wsSecret=e909f85621b4ac7f344660c9bdd46f4a&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 260
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "614d2b23-104"
Date: Tue, 16 Apr 2024 09:54:33 GMT
Last-Modified: Fri, 24 Sep 2021 01:34:27 GMT
Expires: Thu, 16 May 2024 09:54:33 GMT
Age: 28641
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 2a6f83e8ddcf84d198672362b8a0c718

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=3d8a0cea8ce857effcca53b465c706b1&wsTime=1713289911

103.155.16.137

200 OK

21 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=3d8a0cea8ce857effcca53b465c706b1&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
GIF image data, version 89a, 271 x 302
Size
21 kB (21028 bytes)
Hash
e6c33fd46eacf329da3565adb295287a
79b107df875842fd4e22809f21b60c322d128cce
1694db51d04b5d207f7bc4ca11a7fcd2ca171b2f4c2c2b12d1c75e5cb3dbe20f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/bg-products.gif?wsSecret=3d8a0cea8ce857effcca53b465c706b1&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 21028
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "5d2c7603-5224"
Date: Fri, 22 Mar 2024 04:50:15 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sun, 21 Apr 2024 04:50:15 GMT
Age: 2206899
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-08
X-Cdn-Request-ID: 2bdc2e0f989a3ab30c124e748b6ded10

3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=ae2c63362aa5332305edc2e11b26b578&wsTime=1713289911

103.155.16.137

200 OK

484 B

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/themes/images/btn.png?wsSecret=ae2c63362aa5332305edc2e11b26b578&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 170 x 28, 8-bit colormap, non-interlaced
Size
484 B (484 bytes)
Hash
b1ab87f2aa1045cf56bd192752fb20ba
e8b07455934b82eb6c9d1a5d657c582822eb32cc
527228714a2a640b71788550f8dcd2c0964ee13fdfddc1c57ff377134f8fcecb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/themes/images/btn.png?wsSecret=ae2c63362aa5332305edc2e11b26b578&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "613c72a8-1e4"
Date: Fri, 22 Mar 2024 04:50:15 GMT
Last-Modified: Sat, 11 Sep 2021 09:11:04 GMT
Expires: Sun, 21 Apr 2024 04:50:15 GMT
Age: 2206899
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: a2b62729defb691d6f90ac7601ba0028

3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=fe6e0eb92189bfb663fa860fe931519c&wsTime=1713289911

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-casino.jpg?wsSecret=fe6e0eb92189bfb663fa860fe931519c&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 271x81, components 3
Size
12 kB (11660 bytes)
Hash
62f912bb32aecad4ab710243a04a4ba9
f8a22eaaf6dc17329932db9c19484907332ea800
ecc11913678af89246c957fae2eaf6cbb07316f7ad24bdcc3e2b115293e46f60

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/images/index-casino.jpg?wsSecret=fe6e0eb92189bfb663fa860fe931519c&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11660
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "5d2c7603-2d8c"
Date: Tue, 16 Apr 2024 09:54:32 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 16 May 2024 09:54:32 GMT
Age: 28642
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-08
X-Cdn-Request-ID: 7b135f67c04bbd7bbaf69c6c26c0e52a

3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=d4f8b89b22525031cadcf21e16d8e06d&wsTime=1713289911

103.198.200.1

200 OK

12 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-game.jpg?wsSecret=d4f8b89b22525031cadcf21e16d8e06d&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 271x81, components 3
Size
12 kB (11478 bytes)
Hash
6274335f5e37fb7e3aa19dba05a07ef3
d54c0b0cccf2158aee56d7f1f465d5bb907edf06
39d9bd9e19956bb52c4c880dc6987383c34dc0873aadaa6b3763e3421e06def7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/images/index-game.jpg?wsSecret=d4f8b89b22525031cadcf21e16d8e06d&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 11478
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-01
ETag: "5d2c7603-2cd6"
Date: Tue, 16 Apr 2024 09:54:33 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Thu, 16 May 2024 09:54:33 GMT
Age: 28642
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-01, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: ee6721d1d051d5f918fbdfe9a1ee3918

3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=331a5792b8cc95565451c89ed3d49687&wsTime=1713289911

103.155.16.137

200 OK

7.9 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=331a5792b8cc95565451c89ed3d49687&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 270x81, components 3
Size
7.9 kB (7926 bytes)
Hash
90dfcd159d726929aa2e8140ac0a43cd
dae58fb59b64ca2922198f64c87762d10dbd161a
cd548d38e7e22e8597da17809e9dd1ee020cfe72288ac55fdb14c9b4130d9e92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/bet365-141-2/images/index-lottery.jpg?wsSecret=331a5792b8cc95565451c89ed3d49687&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 7926
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06
ETag: "5d2c7603-1ef6"
Date: Fri, 22 Mar 2024 04:50:16 GMT
Last-Modified: Mon, 15 Jul 2019 12:48:03 GMT
Expires: Sun, 21 Apr 2024 04:50:16 GMT
Age: 2206898
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06, HIT from KS-CLOUD-XJP-FOREIGN-21-16
X-Cdn-Request-ID: 41219a8a308f648802fb8d6f3f00e159

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
23 kB (23076 bytes)
Hash
2ae6a25328f92bbd4f06bf83f0d64a34
a182c94addc49f545829566f4f87e7cdf5a2b16a
92d81aa551c89d28170300c1d6ae6e5795e33ac101988de54570fae720fa15c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5011.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 23076
Connection: keep-alive
Last-Modified: Mon, 15 May 2023 01:55:35 GMT
ETag: "64619117-5a24"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (20254 bytes)
Hash
45d0f5934f7f664e4fb397fbe69c0bec
72a5c4e823954ec0111709b6aec71c1f0b08fe43
3e9fedb5bbb6caac2dfc16278ba5d0c26483aa3efb5508374eeec9de7b9f9cd4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5001.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 20254
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4f1e"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png

43.198.190.53

200 OK

24 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
24 kB (23503 bytes)
Hash
a838bd44f3219c2da8d802049a368871
56a1eacbfcc03256d8890dc8c24d616eaae6be10
ae6f7920d6589965170f6995ef03b30cf9148e5cf3c2706dc796af4b4740ed16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5009.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 23503
Connection: keep-alive
Last-Modified: Tue, 27 Feb 2024 03:00:13 GMT
ETag: "65dd503d-5bcf"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_fishking_1.png

43.198.190.53

200 OK

100 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_fishking_1.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
100 kB (99561 bytes)
Hash
238d4aea15d8dc35dfd87135602b3095
4f6a291f4f625c7fa517f74c2631eb00df29db77
5eef3bf50fa69fc029cd8290a7da27b760aec9bb3b138102dbfefdf97df848c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_fishking_1.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:54 GMT
Content-Type: image/png
Content-Length: 99561
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-184e9"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:54 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png

43.198.190.53

200 OK

102 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
102 kB (102160 bytes)
Hash
18b9c1ca12b579e3be9de7f0b3d765b7
cabb9ddce1222608668401769754241d2667ac59
81b7527eda1e9db86dc9704173b4e9aa50932eb8c80ea08b23d969899bca9656

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7004.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 102160
Connection: keep-alive
Last-Modified: Mon, 15 Jul 2019 12:48:11 GMT
ETag: "5d2c760b-18f10"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (20484 bytes)
Hash
7facd57d474585a0c9e3b2b6d4762969
814362f72beba19c7dfb93b8d2bc760f87a2a00e
3bf01b8e569dbd7060d7dcb2222e7e3ebc9e42f715535df2315c877fed9046bd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 20484
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5004"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/285/1711711033519.png?wsSecret=c2689fe758ee2832cafc17a29907e6bc&wsTime=1713289911

103.198.200.1

200 OK

131 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/285/1711711033519.png?wsSecret=c2689fe758ee2832cafc17a29907e6bc&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced
Size
131 kB (130696 bytes)
Hash
a5c79c633e591bbf8c5e2f849d41f444
b4e55d262a0b542ffbd482c6385038bb673955e0
87652d9c210acd6dd2c541f2e0315813e30fedb4f1f956079992de0e1f645abe

HTTP Headers

GET /fserver/files/gb/141/floatImage/285/1711711033519.png?wsSecret=c2689fe758ee2832cafc17a29907e6bc&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 130696
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-03
ETag: "6606a339-1fe88"
Date: Tue, 09 Apr 2024 04:01:40 GMT
Last-Modified: Fri, 29 Mar 2024 11:17:13 GMT
Expires: Thu, 09 May 2024 04:01:40 GMT
Age: 654614
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-206
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-03, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 9982e18b662c0bf221949b34ba4c36cf

3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/285/1711711034070.png?wsSecret=77af39586e91ededc191d604714bc73c&wsTime=1713289911

103.155.16.137

200 OK

132 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/285/1711711034070.png?wsSecret=77af39586e91ededc191d604714bc73c&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 250 x 290, 8-bit/color RGBA, non-interlaced
Size
132 kB (132269 bytes)
Hash
cc221abf91e03badabbb800bd556b293
5648f61ee8466146b899b9de0ce71a24bf826682
f5574d24ec46fddd9eb03a87b2b625905465d8ce03a2950dd880028f6d467c9e

HTTP Headers

GET /fserver/files/gb/141/floatImage/285/1711711034070.png?wsSecret=77af39586e91ededc191d604714bc73c&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 132269
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-12-07
ETag: "6606a33a-204ad"
Date: Tue, 09 Apr 2024 04:04:59 GMT
Last-Modified: Fri, 29 Mar 2024 11:17:14 GMT
Expires: Thu, 09 May 2024 04:04:59 GMT
Age: 654415
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: MISS from KS-CLOUD-XJP-12-07, HIT from KS-CLOUD-XJP-FOREIGN-21-19
X-Cdn-Request-ID: 96deb8dfec3a97f29b7db31c580feac1

3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1706974573234.png?wsSecret=e0132e455a8e6b8ce107f7ec0788e44d&wsTime=1713289911

103.155.16.137

200 OK

76 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1706974573234.png?wsSecret=e0132e455a8e6b8ce107f7ec0788e44d&wsTime=1713289911
IP
103.155.16.137:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 140 x 476, 8-bit/color RGBA, non-interlaced
Size
76 kB (75917 bytes)
Hash
f3de9bb51b6039d289cb4fdcc934512a
a90eb2778d87500e7b919b03d077db5a400b5a36
ab40ca27e8fdcdcf45e7e75a910f14c450b9496e731c1b1f316236b9456bdfd2

HTTP Headers

GET /fserver/files/gb/141/floatImage/273/1706974573234.png?wsSecret=e0132e455a8e6b8ce107f7ec0788e44d&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 75917
Connection: keep-alive
Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05
ETag: "65be5d6d-1288d"
Date: Mon, 08 Apr 2024 10:40:52 GMT
Last-Modified: Sat, 03 Feb 2024 15:36:13 GMT
Expires: Wed, 08 May 2024 10:40:52 GMT
Age: 717063
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xjp21:443;xjp12:80;
X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05, HIT from KS-CLOUD-XJP-FOREIGN-21-12
X-Cdn-Request-ID: 3ffa34816a3b3aa925af102f4fe7a9af

3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=78ca29c99d836f8a7c1bf523554a6d74&wsTime=1713289911

103.198.200.1

200 OK

8.6 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=78ca29c99d836f8a7c1bf523554a6d74&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 140 x 35, 8-bit/color RGBA, non-interlaced
Size
8.6 kB (8612 bytes)
Hash
e9b65c8ad826f51a6e0d8b30801ebe97
a6b5f8cf0772e12117fe5db956482ed8f15140d5
2a2c01d75b9b60e977fb5a8e535fc8ea4e9146bb499e2af25ccf1bd5ebaaf840

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /fserver/files/gb/141/floatImage/273/1666693826530.png?wsSecret=78ca29c99d836f8a7c1bf523554a6d74&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 8612
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "6357bac2-21a4"
Date: Fri, 12 Apr 2024 07:18:04 GMT
Last-Modified: Tue, 25 Oct 2022 10:30:26 GMT
Expires: Sun, 12 May 2024 07:18:04 GMT
Age: 383630
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-02
X-Cdn-Request-ID: 1c95c5ede4f0c649aa865205cb30872d

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png

43.198.190.53

200 OK

21 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
21 kB (21363 bytes)
Hash
d73cf218f18362d0a89cb36a4a3303ff
57bf03bb562ca33343b19db1fe5e872335cc1cb2
691d5caeb173c0c0817111fea711d2685d1e0e4e7e19f6aa7282fc525193f40c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5002.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 21363
Connection: keep-alive
Last-Modified: Fri, 11 Feb 2022 05:28:08 GMT
ETag: "6205f3e8-5373"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png

43.198.190.53

200 OK

25 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
25 kB (25306 bytes)
Hash
fe68bd976f14eae2ff73e6a8bd15cf21
87d088019e1519543a97ed7a4434811af556fc99
252e31e22c89ef440f39bcc016264c6917b141c78f82152a678038365b50752e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5008.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 25306
Connection: keep-alive
Last-Modified: Tue, 27 Feb 2024 03:00:13 GMT
ETag: "65dd503d-62da"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
22 kB (21877 bytes)
Hash
feaff8384a2780bf50a660b657928245
eb492cee9a7d13b8114aa1c75c6db75742d7ef4a
ec33d957ba07daa21a098bc096b1c643ae64420e1924f0691b6b75fd4e8707f2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5007.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 21877
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-5575"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png

43.198.190.53

200 OK

24 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
24 kB (23771 bytes)
Hash
19e16d0cf5c005f3fd798e8f0131db7d
ebb9c520f4047172662991c689a2e07015680dcd
57c3d3bf827de223898f46813f9bd0fd2296cc21a61f3f77d03ba6cee265c78d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_1jeqx59c7ztqg.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 23771
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cdb"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png

43.198.190.53

200 OK

107 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
107 kB (107367 bytes)
Hash
f391a00c7ca4a801c7c46431f6949f3e
392e698fcd6b15c2397eb576de33134e7abae702
1ffd1f9416cc641e5c5659de5a2f1530bbe7ddeeb71c91af2db8129c6624f64f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_411.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 107367
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-1a367"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png

43.198.190.53

200 OK

24 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
24 kB (23806 bytes)
Hash
d7c26fb9503ab2caf040730495a59f32
06f8414b2709fac132dd2b3071843a86ab745b51
8d437af3cea1d4efc2bf19c763c17c3487f9a76db3a287a975a18f90dffea630

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_88_b8rzo7uzqt4sw.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 23806
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-5cfe"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png

43.198.190.53

200 OK

23 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
23 kB (23021 bytes)
Hash
20cd47483388f1e46ed9c2304f2c60ea
1c09b695620a64ae94ba7807a41e95733c6211f9
8f091a2a4dd3a918c15d7692aeb343f3d8e8d673541411e74256a48865735448

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5004.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 23021
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-59ed"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png

43.198.190.53

200 OK

22 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
22 kB (21850 bytes)
Hash
2acb631ee46633c2bb57645aa0062b24
7ebc60e9519805119574b600d0400278fb02ea7f
c026010b4e9ba86b7dd1670e242e42a1e4fec0547b7fecc3b37feddd0c21d46b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5005.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 21850
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-555a"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png

43.198.190.53

200 OK

104 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
104 kB (103628 bytes)
Hash
8d666e925b25cb11e51e73f93c070f4d
c6ff29c0819e955832f80eb564569cadd6a2b6e9
58377e7130027c1bc0b0d1640be5c18574464c78253ee14a8957586e32f55e0a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1010.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 103628
Connection: keep-alive
Last-Modified: Tue, 10 May 2022 03:35:17 GMT
ETag: "6279dd75-194cc"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png

43.198.190.53

200 OK

92 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
92 kB (91545 bytes)
Hash
9f3fb2c25fe5ed8707017bd1c48b7dad
0431fc4b55351854aa7a1b519549df5d71f18ace
d86817d248b0c22c26c6c3a95c307094345fb2b3e51245164599a7c3969d4e6c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 91545
Connection: keep-alive
Last-Modified: Mon, 25 Oct 2021 06:59:30 GMT
ETag: "617655d2-16599"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1003.png

43.198.190.53

200 OK

127 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1003.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
127 kB (126630 bytes)
Hash
b5927edf22b7afcaa8623bb2bf7a023c
27991e900ef52dc1848a4d010abaee15b9764ad7
9bd02bff9e834cfb9d1e51a452cffa22aeecb4564729009c4e76d9d92ff6a73b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1003.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 126630
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-1eea6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1002.png

43.198.190.53

200 OK

120 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1002.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
120 kB (119603 bytes)
Hash
47f82f045a474d9481728a14eef31212
e0440f66748805d9bd9fd46164094f9848054da4
3f6b4bf17a52f4989b5ebe3ee767a5e12554b0ac387668e8da6bb6ed67224431

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1002.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 119603
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-1d333"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png

43.198.190.53

200 OK

98 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
98 kB (97628 bytes)
Hash
877c38be4323f2c147032108ccef2199
add9d18c6be428cb95544a73b0f6e00f11fc2b5b
a0424505fba5728d840e3f3c9dfc0b3a5c7838813eb4eb37e9babe498c79e16b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 97628
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-17d5c"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png

43.198.190.53

200 OK

26 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
26 kB (25785 bytes)
Hash
51de7c3b3b21d10f38a0c30ac5e4fd24
106f9a993385ff522dad2b37dbdb3c58f035ac20
9240329d37bd41d53a4f2864a255b9f9aef025474f2965130ed5668f10ee311e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_060.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 25785
Connection: keep-alive
Last-Modified: Fri, 07 Apr 2023 02:35:05 GMT
ETag: "642f8159-64b9"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png

43.198.190.53

200 OK

102 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
102 kB (102258 bytes)
Hash
8d9aba5a434311f951ac04421c7dc771
9e269ef70b1c650a4177aa6ca8f9b5c8d400be42
282aee25e5c5e665f12f0593297c59ef00dfcbb88b210b4bc9466ab4d0e14bea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_73_105.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 102258
Connection: keep-alive
Last-Modified: Sat, 11 Sep 2021 09:11:25 GMT
ETag: "613c72bd-18f72"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1009.png

43.198.190.53

200 OK

123 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1009.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
123 kB (122960 bytes)
Hash
b69175dfa95eb604296c5851d0c3e475
4261111823816abc196390d2e8d44b4fbb4131ab
2bde2c2b2e0d167704830962300fd6528f914b1688a08b9cacc344af415fa1a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1009.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 122960
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-1e050"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png

43.198.190.53

200 OK

20 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Size
20 kB (20434 bytes)
Hash
7769f6a35df5811fbe7fa97b2aea9a1c
2875a7cfef0a8a296374aba27f95a8a8d79b8acf
855a9b3bb8c24ca1ed6cbf42331ff6a243e03b1452d8c2d371df11d861f8712b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_65_5006.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:55 GMT
Content-Type: image/png
Content-Length: 20434
Connection: keep-alive
Last-Modified: Fri, 09 Aug 2019 09:47:47 GMT
ETag: "5d4d4143-4fd2"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:55 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png

43.198.190.53

200 OK

104 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
104 kB (103789 bytes)
Hash
47f5aa60abc34c45a6676edb8fdf0479
26c8e877af1411d84fa894f304795cc48e7ccb3e
35097b6af20809e9e749d5744ba558e6abb5d8f1cc0a48d351d7b6266eb1353b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:56 GMT
Content-Type: image/png
Content-Length: 103789
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-1956d"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:56 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png

43.198.190.53

200 OK

106 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
106 kB (105577 bytes)
Hash
88a047662775c71a5483b0643e4cc75d
1403cc8add3e60970a95f9dd1b23084b850266be
ba2434bbbac29b41f9fc1f429f7311ca994e3888dbbd5b115a9829438ab130f7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 105577
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-19c69"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_fish3d_1.png

43.198.190.53

200 OK

95 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_fish3d_1.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
95 kB (94694 bytes)
Hash
6ef924ca51b45c0c8b2292cf0531f7de
df123702eb28a9af0b9d49ed1281e3503df079bb
30e68be2e4475a104b7dfc231dce0f2833244d21b28702ce33ff411976449516

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_fish3d_1.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 94694
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-171e6"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_017.png

43.198.190.53

200 OK

96 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_017.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
96 kB (95696 bytes)
Hash
0ea541fd7014332c36b6d147e4e97dac
ec19906ce3c4f9bf8b0811437b4e6daefb64073c
f92a42092bfb2d534b675509c54ce485f2d38f5c6e3ae25e013859f868f49ae7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_017.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 95696
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-175d0"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_012.png

43.198.190.53

200 OK

99 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_012.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
99 kB (98689 bytes)
Hash
8d9b708f3313917c09eb78bbe19876a5
4b254e52083cf6f29daf23393f398f9c542638f1
29c83142b9e396bb4645c5b797b46ea424e84ec7c46baab65f5223ddb85519cf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_012.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 98689
Connection: keep-alive
Last-Modified: Thu, 07 Oct 2021 04:39:15 GMT
ETag: "615e79f3-18181"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_cutfish_1.png

43.198.190.53

200 OK

107 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_cutfish_1.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
107 kB (107343 bytes)
Hash
cd532ab1788f1366939b5d7dc3060f98
a02e5eb5963d5af3919dc39f13cb306bb72cd843
958be35d3134e8e973b263ab96ede273091f441ad6435e0a9178c68daafdd506

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_dp_cutfish_1.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:57 GMT
Content-Type: image/png
Content-Length: 107343
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-1a34f"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:57 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=e277fbdbad5347b531c10cf2617ca2b2&wsTime=1713289911

103.198.200.1

200 OK

4.7 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/ftl/commonPage/images/favicon/favicon_141.png?wsSecret=e277fbdbad5347b531c10cf2617ca2b2&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
Size
4.7 kB (4704 bytes)
Hash
834417d344a1bd995c78df66fe45edbd
79a5cd12dc1bf06043f38349e6dd492e58144a01
736b8041b08f7ec7a5f5a8e8d4d857dc58f1f03d4e2b6f738a2f1c9ae3892bbb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365

HTTP Headers

GET /ftl/commonPage/images/favicon/favicon_141.png?wsSecret=e277fbdbad5347b531c10cf2617ca2b2&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4704
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-06
ETag: "6311d300-1260"
Date: Tue, 16 Apr 2024 09:59:57 GMT
Last-Modified: Fri, 02 Sep 2022 09:55:12 GMT
Expires: Thu, 16 May 2024 09:59:57 GMT
Age: 28320
Cache-Control: max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
uuid: -
out-line: gb-cdn-205
x-link-via: xg21:443;xg12:80;
X-Cache-Status: HIT from KS-CLOUD-XG-FOREIGN-12-06, HIT from KS-CLOUD-XG-FOREIGN-21-01
X-Cdn-Request-ID: 83d76e127527e1a2c6ed6135139c58b5

7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1004.png

43.198.190.53

200 OK

107 kB

URL GET HTTP/1.1
7003659.com:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1004.png
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
PNG image data, 250 x 215, 8-bit/color RGBA, non-interlaced
Size
107 kB (107087 bytes)
Hash
97e7e1d62e6ab7d3fb963eeaa7eaf82c
0b8b4dfbecc67f6c2108f1518363b04df485c23c
ba14d4ca242898af3cc3283eae416223f025413067480df7b0dd1ec6904d1b38

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1004.png HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 17:51:58 GMT
Content-Type: image/png
Content-Length: 107087
Connection: keep-alive
Last-Modified: Mon, 27 Sep 2021 03:42:41 GMT
ETag: "61513db1-1a24f"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Expires: Wed, 17 Apr 2024 17:51:58 GMT
Cache-Control: max-age=86400
X-Cache: HIT
uuid: -
out-line: gb-site-133
Accept-Ranges: bytes

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1703252230389.jpg?wsSecret=14acae2ab3887aea05ffa0d465fee249&wsTime=1713289911

103.198.200.1

200 OK

409 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10381/1703252230389.jpg?wsSecret=14acae2ab3887aea05ffa0d465fee249&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, baseline, precision 8, 694x520, components 3
Size
409 kB (408854 bytes)
Hash
c579510f246a22dd64c6eada687ee863
30416c1b087709d27db6abf5280852acea00c48b
3266f67cc508980ffa10b7e7c5ecc6de3f64f8de09e5a270f9a3d4ab1fe7e05e

HTTP Headers

GET /fserver/files/gb/141/carousel/10381/1703252230389.jpg?wsSecret=14acae2ab3887aea05ffa0d465fee249&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 408854
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-02
ETag: "65859106-63d16"
Date: Thu, 21 Mar 2024 13:50:50 GMT
Last-Modified: Fri, 22 Dec 2023 13:37:10 GMT
Expires: Sat, 20 Apr 2024 13:50:50 GMT
Age: 2260863
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-02, HIT from KS-CLOUD-XG-FOREIGN-21-03
X-Cdn-Request-ID: fdf8943c85678d446c82629e020a798e

7003659.com:8989/mobile-api/v5/origin/loginSwitchCheck.html

43.198.190.53

200

174 B

URL GET HTTP/1.1
7003659.com:8989/mobile-api/v5/origin/loginSwitchCheck.html
IP
43.198.190.53:8989
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerLet's Encrypt
Subject7003659.com
Fingerprint51:2C:BD:80:EB:1F:13:D2:91:19:86:92:91:82:0A:2B:50:AC:49:AA
ValiditySun, 04 Feb 2024 15:17:35 GMT - Sat, 04 May 2024 15:17:34 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with no line terminators
Size
174 B (174 bytes)
Hash
384b8edc0425027ea8363c2a3a1ccc8a
8fd8da38388b633453e57836f639a9105eba15c4
37a39fed46764175ca6e8cb7cd92deaebe855c5151b6154d65b5f42d8dc46519

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Bet365
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mobile-api/v5/origin/loginSwitchCheck.html HTTP/1.1
Host: 7003659.com:8989
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Cookie: sticket=U9UQXVOREl1TVRVME; route=98d89b53d4664b2b8f76fcfb49bcc69d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Tue, 16 Apr 2024 17:51:53 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 174
Connection: keep-alive
Set-Cookie: route=181dd5ae39c7acd81ad5ca039c14a954; Path=/
Access-Control-Allow-Methods: *
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Content-Type,Access-Token,X-Requested-With
Content-Disposition: inline;filename=f.txt
sub-sys: mobile
X-Frame-Options: SAMEORIGIN
uuid: 00141-01-00000000-1713289913dc1f
out-line: gb-site-133

3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10289/1706612387565.jpg?wsSecret=e712477b5f7e822298b5842ce1a96baf&wsTime=1713289911

103.198.200.1

200 OK

288 kB

URL GET HTTP/1.1
3dsa62.gaokejd.xyz/fserver/files/gb/141/carousel/10289/1706612387565.jpg?wsSecret=e712477b5f7e822298b5842ce1a96baf&wsTime=1713289911
IP
103.198.200.1:443
ASN
#138915 Kaopu Cloud HK Limited

Requested by
https://7003659.com:8989/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.gaokejd.xyz
Fingerprint0C:64:1D:5D:7A:1C:81:05:EF:CD:74:CC:64:84:BF:1B:CB:80:25:BA
ValidityThu, 30 Nov 2023 01:16:02 GMT - Fri, 29 Nov 2024 01:16:01 GMT

File type
JPEG image data, progressive, precision 8, 694x520, components 3
Size
288 kB (288279 bytes)
Hash
55b47792c01b194b47fdcf67361a6c72
2c0eaa79db6d5c1fa043b6eb21eb96866eaee2e3
9716cf5bba76c06fb35891ca7642c8620ed819053743125b87d01255f0a38fb4

HTTP Headers

GET /fserver/files/gb/141/carousel/10289/1706612387565.jpg?wsSecret=e712477b5f7e822298b5842ce1a96baf&wsTime=1713289911 HTTP/1.1
Host: 3dsa62.gaokejd.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 288279
Connection: keep-alive
Server: Default-server-KS-CLOUD-XG-FOREIGN-12-05
ETag: "65b8d6a3-46617"
Date: Sat, 30 Mar 2024 11:11:46 GMT
Last-Modified: Tue, 30 Jan 2024 10:59:47 GMT
Expires: Mon, 29 Apr 2024 11:11:46 GMT
Age: 1492806
Cache-Control: max-age=86400
Accept-Ranges: bytes
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
X-Cache: MISS
uuid: -
out-line: gb-cdn-204
x-link-via: xg21:443;xg12:80;
X-Cache-Status: MISS from KS-CLOUD-XG-FOREIGN-12-05, HIT from KS-CLOUD-XG-FOREIGN-21-07
X-Cdn-Request-ID: 155ce172b43e2f53353c14d3c16953e7

786ad.239tgaaagf.com/visitor.ashx?siteId=65000584

99.83.207.187

200 OK

1.3 kB

URL POST HTTP/2
786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
IP
99.83.207.187:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
ValidityFri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (1428), with no line terminators
Size
1.3 kB (1302 bytes)
Hash
3e946a49d82305ac5305884212a2902a
3e9d411fa5b427967289c75c8ec57098cc8963df
1f44f36601f396121704d5ff6f6a0d6f6a3043db30f3688e61283ed430740a31

HTTP Headers

POST /visitor.ashx?siteId=65000584 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1167
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 17:51:54 GMT
content-type: text/json
access-control-allow-credentials: true
access-control-allow-origin: https://7003659.com:8989
set-cookie: visitorGuid_65000584=8b728c6d-2f28-4d25-ac44-a96caeb54f58; expires=Mon, 18 Aug 3023 17:51:54 GMT; path=/; secure; samesite=none
arrserver: chatserver2
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

vue.livehelp100service.com/visitorside/js/Button.54c74e79.js

143.204.55.116

200 OK

9.8 kB

URL GET HTTP/2
vue.livehelp100service.com/visitorside/js/Button.54c74e79.js
IP
143.204.55.116:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint63:B0:01:26:AE:72:99:B7:98:45:6B:15:1E:CE:05:7B:20:19:C3:2B
ValidityThu, 30 Nov 2023 00:00:00 GMT - Sun, 29 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9983), with no line terminators
Size
9.8 kB (9810 bytes)
Hash
ce854dd9d4ecdda4449b4f4f478bf062
d4527c7fd59712f664cd9b5183425d38a4b23da8
ea4955fd98201d5530063829089f0aecd1480e3e001e43b67e40c26dc9bdc47e

HTTP Headers

GET /visitorside/js/Button.54c74e79.js HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://vue.livehelp100service.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Tue, 16 Apr 2024 03:14:19 GMT
server: nginx/1.22.1
last-modified: Wed, 10 Apr 2024 03:09:45 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
etag: W/"661602f9-2652"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8RL0o130hvt_W66MEXtQvhybFiEsDh8wuWjyKvZ36kjkvZFYInsnCw==
age: 52656
X-Firefox-Spdy: h2

vue.livehelp100service.com/livechat.ashx?siteId=65000584

143.204.55.116

200 OK

1.9 kB

URL GET HTTP/2
vue.livehelp100service.com/livechat.ashx?siteId=65000584
IP
143.204.55.116:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint63:B0:01:26:AE:72:99:B7:98:45:6B:15:1E:CE:05:7B:20:19:C3:2B
ValidityThu, 30 Nov 2023 00:00:00 GMT - Sun, 29 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2045), with no line terminators
Size
1.9 kB (1855 bytes)
Hash
ca7dc2113683d23dcf35538bcebe4e15
4aff30ba02ee08603a0bbb79d9c13bf0841ae327
85c2ed74361622f9b90d2b3365757f6c2310ac9bc8d29be90eb81be535d21893

HTTP Headers

GET /livechat.ashx?siteId=65000584 HTTP/1.1
Host: vue.livehelp100service.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
date: Tue, 16 Apr 2024 03:29:40 GMT
server: Kestrel
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OVAhyBNs580nadOUIU1CIlNY8zQ4bIe1Ogqcz0sS7qRKanjrF6sjLw==
age: 51731
X-Firefox-Spdy: h2

786ad.239tgaaagf.com/campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000F9D58B5

99.83.207.187

200 OK

16 kB

URL GET HTTP/2
786ad.239tgaaagf.com/campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000F9D58B5
IP
99.83.207.187:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
ValidityFri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT

File type

Size
16 kB (15850 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /campaign.ashx?siteId=65000584&campaignId=10b42444-f030-4724-9472-c5b49997c716&lastUpdateTime=000000000F9D58B5 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 17:51:55 GMT
content-type: text/json
access-control-allow-origin: *
cache-control: max-age=31536000
arrserver: chatserver2
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

786ad.239tgaaagf.com/visitor.ashx?siteId=65000584

99.83.207.187

200 OK

1.3 kB

URL POST HTTP/2
786ad.239tgaaagf.com/visitor.ashx?siteId=65000584
IP
99.83.207.187:443
ASN
#16509 AMAZON-02

Requested by
https://7003659.com:8989/
Certificate
IssuerAmazon
Subject*.livehelp100service.com
Fingerprint30:5B:92:F8:D3:3F:D6:BC:AB:CB:92:F8:DB:62:DE:57:A3:32:FC:AC
ValidityFri, 11 Aug 2023 00:00:00 GMT - Sun, 08 Sep 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1459), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
52077ade81a53d1f3236ac929e05c588
4d897c6da0822c2925aeed36152bf34d2b611907
1c27384a2b55c6c21eeabb1ba3502f2dd06585aa6532beb0d290db14a5f96999

HTTP Headers

POST /visitor.ashx?siteId=65000584 HTTP/1.1
Host: 786ad.239tgaaagf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 69
Origin: https://7003659.com:8989
DNT: 1
Connection: keep-alive
Referer: https://7003659.com:8989/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 17:51:54 GMT
content-type: text/json
access-control-allow-credentials: true
access-control-allow-origin: https://7003659.com:8989
arrserver: chatserver2
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (52)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML